Re: site to site vpn|
hans steegers <steegers,AT,steegers,DOT,nl>|
Mon, 15 Sep 2003 17:06:10 +0200|
Some short & quick answers:
> I have two offices, where I need to allow the machines in one office to
> access the machines in the other office.
> Is that possible with just using CIPE.
Yes, install CIPE on both LINUX gateways..
Use a static key. set maxerr=-1 in the options file for a persistent
connection. Use the ping option, if needed to NAT or ISP connection alive.
> Is there something besides setting up CIPE that I need to do...
Not very much:
* correct routes to the other local network via the cipcbX interface
* a hole in the firewalls to allow cipe's udp traffic to the other gateway
> My requirement
> I want the machines from both subnets to see machines from other subnets as
> though they are on the same network, to acess services like samba,
> mail(pop/smtp), etc..
Yes, if routing works correctly.
* If you have a Netware server on both networks, use IPTUNNEL on the server
tunnel IPX over IP.
* You need to setup WINS for MS Windows clients to see each other across the
tunnel. See SAMBA docs.
> What I have
> The two network's have differnet private addressing's for the subnets
> 192.168.0.0/24 192.168.100.0/24
> We have fast static public IP addresses to the internet...
No problems here.
Easiest is to give the cipe interface the same ip-address as the ethernet
adapter connected to your local network. See the manual for an example.
> This is possible with SuperFreeSWAN... If I can do this with CIPE, I would
> like to switch over to cipe, since redhat has support for CIPE, and I wont
> have to patch and compile kernels....
Important: Use the specific RH CIPE package for your kernel version.
*** Read the CIPE manual. ***