To: "Stramigioli, S" <S.Stramigioli,AT,el,DOT,utwente,DOT,nl>
Subject: Re: Basics
From: Mark Cooke <mpc,AT,star,DOT,sr,DOT,bham,DOT,ac,DOT,uk>
Date: Wed, 24 Dec 2003 13:08:21 +0000
Cc: cipe-l,AT,inka,DOT,de, Helpdesk,AT,snt,DOT,utwente,DOT,nl
In-reply-to: <882B6F42BCB1D311BE9700104B40036672C9D1@ntrt2.el.utwente.nl>
References: <882B6F42BCB1D311BE9700104B40036672C9D1@ntrt2.el.utwente.nl>

Tips:

1. Use RFC 1918 addresses for your VPN endpoints.
   I.e., 192.168/16
         172.16/12
         10/8
   If there are other private network areas in use, pick a
   different set of addresses but still from the ranges above.

2. In your setup you have VPNs:
   a. From A to UNI
   b. From B to A
   c. From C to A

3. Routes:
   a. At uni VPN endpoint:
      Routes to the B side of A-B's VPN endpoint and C side of
      A-C's VPN endpoint via A-side of Uni-A's endpoint
   b. At A:
      No additional routes needed.
      Possibly a route to the entire uni subnet via uni endpoint
      and if so, you also need a specific route to the UNI VPN
      endpoint out of A's ethernet or else you'll have a routing
      loop and your CIPE packets will try to 'retunnel'.
   c. At B/C:
      Routes to uni endpoint via A-side of B-A's endpoint
      Possibly routes to entire uni subnet via A-side of
      B-A's endpoint
      Similar for the C VPN.

Note these routing rules can rapidly get quite complex, and they are a
pain to maintain. In a larger environment, you might try running a
routing daemon.

Season's greetings to all,
Mark
On Wed, 2003-12-24 at 12:27, Stramigioli, S wrote:
> Dear CIPE experts,
>
> I am new to the list and trying to understand CIPE and get it to work. Does
> anybody have a basic logical description on how to get it to work? The help I
> found was not sufficient to understand it well.
>
> I have the following situation:
>
> 1) 3 machines A,B,C connected to the internet with ADSL.
> 2) My university allows me to connect only with 1 VPN connection, but I
> actually need A,B,C to be all connected.
> 3) Goal: I make a VPN connection to the university with A and tunnel all
> packages for the university from/to B,C through A using other CIPE VPNs.
>
> To use CIPE I thought to do the following:
>
> 1) I installed the CIPE-VPN adapter on all A,B,C. NOTE: they all have the
> same MAC !! Is this ok for arp ?!?!?
> 2) I start ciosrvr on A
> 3) I make PEER to PEER connections A-B and A-C
> 4) I route on B,C all packages for the university to the CIPE-Adapters of B
> and C respectively
>
> If this makes sense, how am I going to do this in the following?
>
> 1) Once I have chosen an IP and MASK on A, No GW spec are necessary right ?
> Any tip for an IP ?
> 2) On B,C I suppose I have to define peer to peer connections using the CIPE
> VPN Peer Setting. How should I do this ?
> 3) If B is a laptop and I am in another subnet abroad, how would I choose
> the IP numbers and configuration to let it work anyway?
>
> Thanks a lot for your help !
>
>
> - Stefano
>
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
>
> Prof. Stefano Stramigioli, (M.Sc., Ph.D.)
> Associate Professor
>
> Control Engineering Laboratory
> Department of Electrical Engineering
> Faculty of EEMCS
> Drebbel Institute on Mechatronics
>
> Normal Postal Address:
> P.O. Box 217
> NL-7500 AE Enschede
> The Netherlands
>
> Courrier Address:
> de Veltmaat 10
> 7522NM Enschede
> The Netherlands
>
> Tel. +31 (53) 4892794/4892606
> Fax. +31 (53) 4894830/4892223
>
> Email S.Stramigioli,AT,ieee,DOT,org
> WWW: http://www.ce.utwente.nl/smi
>
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
--
Mark Cooke <mpc,AT,star,DOT,sr,DOT,bham,DOT,ac,DOT,uk>
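
Added example, not part of the original message and not CIPE code: a small longest-prefix-match model of the route tables in tip 3, showing why A needs the host route to the university VPN endpoint once the whole university subnet is routed into the tunnel. All addresses and the device names (eth0, cipe-uni, cipe-a) are constructed placeholders.

```python
import ipaddress

def route(table, dst):
    """Longest-prefix match: device of the most specific route covering dst."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), dev) for net, dev in table
            if ip in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def send(table, dst, tunnels, limit=8):
    """Follow one packet out of a host.

    tunnels maps a tunnel device to the outer destination of its carrier
    packets. Returns (egress device, encapsulation count), or
    ("LOOP", count) when the carrier keeps being routed back into a tunnel.
    """
    depth = 0
    dev = route(table, dst)
    while dev in tunnels:
        depth += 1
        if depth > limit:
            return ("LOOP", depth)
        dst = tunnels[dev]          # carrier packet is addressed to the peer
        dev = route(table, dst)
    return (dev, depth)

# Constructed sample addressing (documentation and RFC 1918 ranges).
UNI_NET = "198.51.100.0/24"         # university subnet (assumed)
UNI_VPN = "198.51.100.10"           # university VPN endpoint, public side
A_PUBLIC = "203.0.113.5"            # A's ADSL address (assumed)

A_TUNNELS = {"cipe-uni": UNI_VPN}
A_BASE = [("0.0.0.0/0", "eth0"), ("10.0.0.2/32", "cipe-uni")]
# Tip 3b without the host route: the uni subnet route also covers UNI_VPN.
A_BROKEN = A_BASE + [(UNI_NET, "cipe-uni")]
# Tip 3b as advised: specific route to the VPN endpoint out of the ethernet.
A_FIXED = A_BROKEN + [(UNI_VPN + "/32", "eth0")]

# Tip 3c at B: uni traffic goes into the B-A tunnel; the carrier goes to A.
B_TUNNELS = {"cipe-a": A_PUBLIC}
B_TABLE = [("0.0.0.0/0", "eth0"), ("10.0.1.1/32", "cipe-a"), (UNI_NET, "cipe-a")]

if __name__ == "__main__":
    for name, table in (("A broken", A_BROKEN), ("A fixed", A_FIXED)):
        print(name, send(table, "198.51.100.77", A_TUNNELS))
    print("B", send(B_TABLE, "198.51.100.77", B_TUNNELS))
```

B and C do not hit the loop in this model because their carrier packets are addressed to A rather than to a host inside the university subnet.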