Road warrior configuration with proxy arp -- almost there, but not quite!
David Brodbeck <DavidB,AT,mail,DOT,interclean,DOT,com>
Wed, 16 Jul 2003 15:20:27 -0400

I'm trying to get a "road warrior" configuration going between a host on my
network and a laptop, with proxy arp. The machine serving as the host for
the connection is 220.127.116.11 (eth0), and has an additional IP on the
same physical interface of 18.104.22.168 (eth0:0). I'm using
22.214.171.124 as the remotely accessible IP, and 126.96.36.199 as the cIPe

When the connection is made, the two hosts can ping each other on their cIPe
addresses. In addition, proxy arp works to at least some extent; hosts on
the LAN can ping the laptop's cIPe address. However, when I try to access
hosts on the LAN from the laptop, the packets get routed through the
Internet instead of the cIPe tunnel. If I try to manually add a route
("route add -net 188.8.131.52/24 cipcb0") nothing works until I delete it

Here's the options file on that host:

Here's ip-up on the host:
# ip-up <interface> <myaddr> <daemon-pid> <local> <remote> <arg>
# Sample of the ip-up script.
# This is called when the CIPE interface is opened.
# $1 interface the CIPE interface
# $2 myaddr our UDP address
# $3 daemon-pid the daemon's process ID
# $4 local IP address of our CIPE device
# $5 remote IP address of the remote CIPE device
# $6 arg argument supplied via options
# Purposes for this script: set up routes, set up proxy-arps, etc.
# start daemons, logging...
# If this becomes our default route...
#route add default gw $5
# just a logging example
now=`date "+%b %d %T"`
echo "$now UP $*" >> /var/log/cipe.log
# many systems like these pid files
echo $3 > /var/run/$1.pid
# Trigger the key exchange procedure, useful when we're using SOCKS
# This _must_ run delayed and in the background
#(sleep 10; ping -c5 $5) &
# If the system runs gated, tell it what has happened
# The following are just ideas for further consideration
# Interconnect two 10. subnets through the Internet!
# Assuming $4 is in 10.1 and $5 in 10.2
#route add -net 10.2.0.0 netmask 255.255.0.0 gw $5
# Proxy-ARP the peer's address on eth0
arp -i eth0 -Ds $5 eth0:0 pub
# Evil tricks department: masquerade the CIPE peer's /24 network to our IP
#NA=`expr $5 : '\([0-9]*\.[0-9]*\.[0-9]*\.\)'`
#ipfwadm -F -a accept -m -b -S $NA.0/24 -D 0.0.0.0/0
# the usual way for this would be a case selection on $5 or $6, however
# execute anything local
[ -x /etc/cipe/ip-up.local ] && /etc/cipe/ip-up.local $*

And here's options on the laptop:

David Brodbeck, System Administrator
InterClean Equipment, Inc.
3939 Bestech Drive Suite B
Ypsilanti, MI 48197
(734) 975-2967 x221
(734) 975-1646 (fax)