Re: site to site vpn

[hans steegers <steegers,AT,steegers,DOT,nl>]

Keith,
Some short & quick answers:

> I have two offices, where I need to allow the machines in one office to
> access the machines in the other office.
> Is that possible with just using CIPE.
Yes, install CIPE  on both LINUX gateways..
Use a static key. set maxerr=-1 in the options file for a persistent 
connection. Use the ping option, if needed to NAT or ISP connection alive.

> Is there something besides setting up CIPE that I need to do...
Not very much: 
* correct routes to the other local network via the cipcbX interface
* a hole in the firewalls to allow cipe's udp traffic to the other gateway

> My requirement
> I want the machines from both subnets to see machines from other subnets as
> though they are on the same network, to acess services like samba,
> mail(pop/smtp), etc..
Yes, if routing works correctly. 
* If you have a Netware server on both networks, use IPTUNNEL on the server 
to 
tunnel IPX over IP.
* You need to setup WINS for MS Windows clients to see each other across the 
tunnel. See SAMBA docs.

> What I have
> The two network's have differnet private addressing's for the subnets
> 192.168.0.0/24 192.168.100.0/24
> We have fast static public IP addresses to the internet...
No problems here.
Easiest is to give the cipe interface the same ip-address as the ethernet 
adapter connected to your local network.  See the manual for an example.

> This is possible with SuperFreeSWAN... If I can do this with CIPE, I would
> like to switch over to cipe, since redhat has support for CIPE, and I wont
> have to patch and compile kernels....
Important: Use the specific RH CIPE package for your kernel version.

*** Read the CIPE manual. ***

Regards,
Hans
_____________________________________________

Hans Steegers