OK, thank you. That makes things a little bit clearer.
But to really understand what is going on and how it works, I guess I'll need:
- first, a link for full documentation about networking
(broadcasting, routing, bridging and so on). Not just how things should
be configured, but rather how it works at low levels.
- a way to try and test different setups (I still have to try with
the boxes on different subnets, for example). But I don't always have
access to the distant box. Therefore I would like to know if there is a
simple way to do this with computers locally connected (via Ethernet
adapters), in a way that would make it impossible for them to
communicate on another network than the VPN (though of course, they
have to be able to communicate just enough to be able to set up the VPN).
I don't know if this is clear, so let's say that I would like to emulate
Internet-like communication on my home network, to be able to try
different settings for the VPN, without interference from the LAN. Is
- and finally, I would like to know the differences between a PPTP
tunnel and a CIPE tunnel (apart from security and performance
considerations). I am asking the question because, if I remember well,
when I first tried to set up a VPN, I tried with the Windows XP built-in
server, and LAN games were actually working all right, with exactly the
same VPN configuration (both boxes were on the same subnet). The main
drawback of this solution is that the Microsoft server isn't accepting
more than one client at a time. But what makes LAN games work with PPTP
and not with CIPE?

If you are bridging, all traffic from one end of the tunnel is also sent to
the other end, and vice versa. So in that case you don't need routing!
If you are _not_ bridging, but routing, you must have two _different_
network subnets on each end, for example:
Side a: 192.168.1.1/255.255.255.0 (which means 192.168.1.1 ... 255)
Side b: 192.168.2.1/255.255.255.0 (which means 192.168.2.1 ... 255)
On side A all traffic for network 192.168.2.0 must go through the tunnel via
192.168.1.1 to gateway 192.168.0.1
On side B all traffic for network 192.168.1.0 must go through the tunnel via
192.168.2.1 to gateway 192.168.1.1
Having the two tunnel endpoints with an IP address in the same subnet
prevents proper routing.
But maybe Windows has a totally different logic!?
netmask : 255.255.254.0 and broadcast 192.168.1.255
This means a subnet with the range 192.168.0.0 .. 192.168.1.255
box1 : 192.168.1.1
This means both boxes are on the same subnet 192.168.1.0 .. 255
box2 : 192.168.1.2
netmask : 255.255.255.0 and broadcast 192.168.1.255
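
An added example, not part of the original messages: the subnet ranges quoted above computed with Python's standard `ipaddress` module, plus a check that the two sides of a routed tunnel use distinct subnets. The function names `describe` and `plan_routes` are hypothetical, chosen for this illustration.

```python
import ipaddress


def describe(addr, netmask):
    """Return (network, lowest address, highest address) for one interface."""
    net = ipaddress.ip_interface(f"{addr}/{netmask}").network
    return net, net.network_address, net.broadcast_address


def plan_routes(side_a, side_b):
    """Return the remote network each side must route into the tunnel.

    side_a / side_b are (address, netmask) tuples. Raises ValueError when the
    two ranges overlap, because each host would then treat the other side as
    directly attached and never hand the traffic to the tunnel route.
    """
    net_a, _, _ = describe(*side_a)
    net_b, _, _ = describe(*side_b)
    if net_a.overlaps(net_b):
        raise ValueError(f"{net_a} and {net_b} overlap; routing needs distinct subnets")
    return {"A": str(net_b), "B": str(net_a)}


if __name__ == "__main__":
    # Addresses and masks quoted in the thread.
    for addr, mask in [("192.168.1.1", "255.255.254.0"), ("192.168.1.2", "255.255.255.0")]:
        net, low, high = describe(addr, mask)
        print(f"{addr}/{mask}: {net} covers {low} .. {high}")
    print(plan_routes(("192.168.1.1", "255.255.255.0"), ("192.168.2.1", "255.255.255.0")))
    try:
        plan_routes(("192.168.1.1", "255.255.254.0"), ("192.168.1.2", "255.255.255.0"))
    except ValueError as exc:
        print("rejected:", exc)
```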