<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: Mark Cooke <mpc,AT,star,DOT,sr,DOT,bham,DOT,ac,DOT,uk>
Subject: RE: Basics
From: "Stramigioli, S" <S.Stramigioli,AT,el,DOT,utwente,DOT,nl>
Date: Wed, 24 Dec 2003 15:38:26 +0100
Cc: cipe-l,AT,inka,DOT,de

Dear Mark,

I very much appreciate your quick help. I am still struggling in getting at
least a link of 2 machine to work without success so far.

First of all I would like to be sure that the tunneling is working. I have
the following:

** Machine A
LAN adapter (dynamic and working) address LAN-A
CIPE adapter IP=10.0.1.0, mask 255.255.0.0, GW= ????
CIPE PEAR SETTINGS
        Local IP=LAN-A, PORT=9999
        Peer IP=LAN-B, PORT=9999
        Local PTP=10.0.1.1
        Peer PTP Address 10.0.2.1
        Status Enable? checkbox checked
        Cipher=NONE
        The rest Empty  

** Machine B
LAN adapter (dynamic and working) address LAN-B
CIPE adapter IP=10.0.2.1, mask 255.255.0.0, GW= ????
CIPE PEAR SETTINGS
        Local IP=LAN-B, PORT=9999
        Peer IP=LAN-A, PORT=9999
        Local PTP=10.0.2.1
        Peer PTP Address 10.0.1.1
        Status Enable? checkbox checked
        Cipher=NONE
        The rest Empty

If I then try to ping 10.0.2.1 from A it does not work even if I added some
extra routing. On the IP routing level is the CIPE adapter seen as a "real
adapter" How should I consider the routing ? 
Suppose I want that a set of addresses <*RANGE*>  goes to the internet
through B. How should the routing goes ? I suppose should be as follows:

route add <*RANGE*> MASK ... 10.0.1.0

and on B

route add LAN-A 255.255.255.255 10.0.2.1

Is this right?

Thanks and a great holiday to you all!

- Stefano
 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
Prof. Stefano Stramigioli, (M.Sc., Ph.D.)
Associate Professor
 
Control Engineering Laboratory
Department of Electrical Engineering
Faculty of EEMCS
Drebbel Institute on Mechatronics

Normal Postal Address: 
P.O. Box 217
NL-7500 AE Enschede
The Netherlands
 
Courrier Address:
de Veltmaat 10
7522NM Enschede
The Netherlands

Tel. +31 (53) 4892794/4892606 
Fax. +31 (53) 4894830/4892223 
 
Email S.Stramigioli,AT,ieee,DOT,org
WWW: http://www.ce.utwente.nl/smi

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

> -----Original Message-----
> From: Mark Cooke [mailto:mpc,AT,star,DOT,sr,DOT,bham,DOT,ac,DOT,uk 
> Sent: woensdag 24 december 2003 14:08
> To: Stramigioli, S
> Cc: cipe-l,AT,inka,DOT,de; Helpdesk,AT,snt,DOT,utwente,DOT,nl
> Subject: Re: Basics
> 
> Tips:
> 
> 1. Use RFC 1918 addresses for your VPN endpoints.
>    Ie, 192.168/16
>        172.16/12
>        10/8
> 
>    If there are other private network areas in use, pick a
>    different set of addresses but still from the ranges above.
> 
> 2. In your setup you have VPNs:
> 
>    a.   From A to UNI
>    b.   From B to A
>    c.   From C to A
> 
> 3. Routes:
> 
>    a.   At uni VPN endpoint:
> 
>         Routes to the B side of A-B's vpn endpoint and C side of
>         A-C's VPN endpoint via A-side of Uni-A's endpoint
> 
>    b.   At A:
> 
>         No additional routes needed.
> 
>         Possibly a route to the entire uni subnet via uni endpoint
>         and if so, you also need a specific route to the UNI VPN
>         endpoint out of A's ethernet or else you'll have a routing
>         loop and your CIPE packets will try to 'retunnel'
> 
>    c.   At B/C:
> 
>         Routes to uni endpoint via A-side of B-A's endpoint
>       Possibly routes to entire uni subnet via A-side of
>         B-A's endpoint
> 
>         Similar for the C VPN.
> 
> Note these routing rules can rapidly get quite complex, and 
> they are a pain to maintain.  In a larger environment, you 
> might try running a routing daemon.
> 
> Seasons greetings to all,
> 
> Mark
> 
> On Wed, 2003-12-24 at 12:27, Stramigioli, S wrote:
> > Dear CIPE experts,
> > 
> > I am new to the list and trying to understand CIPE and get 
> it to work. 
> > Does anybody have a basic logical description on how get it 
> to work ? 
> > The help I found was not sufficient to understand it well.
> > 
> > I have the following situation:
> > 
> > 1) 3 machines A,B,C connected to the internet with ADSL.
> > 2) My university allows me to connect only with 1 VPN 
> connection, but 
> > I actually need A,B,C to be all connected.
> > 3) Goal: I make a VPN connection to the university with A 
> and tunnel 
> > all packages for the university from/to B,C through A using 
> other CIPE VPNs.
> > 
> > To use CIPE I thought to do the following:
> > 
> > 1) I installed the CIPE-VPN adapter on all A,B,C. NOTE: 
> they all have 
> > the same MAC !! Is this ok for arp ?!?!?
> > 2) I start ciosrvr on A
> > 3) I make PEER to PEER connections A-B and A-C
> > 4) I route on B,C all packages for the university to the 
> CIPE-Adapters 
> > of B and C respectively
> > 
> > If this make sense, how am I going to do this in the folowing ?
> > 
> > 1) Once I have chosen an IP and MASK on A, No GW spec are 
> necessary right ?
> > Any tip for an IP ?
> > 2) On B,C I suppose I have to define peer to peer connections using 
> > the CIPE VPN Peer Setting. How should I do this ?
> > 3) If B is a laptop and I am in another subnet abroad, how whould I 
> > choose the IP numbers and configuration to let it work anyway ?
> > 
> > Thanks a lot for your help !
> > 
> > 
> > - Stefano
> >  
> > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> >  
> > Prof. Stefano Stramigioli, (M.Sc., Ph.D.) Associate Professor
> >  
> > Control Engineering Laboratory
> > Department of Electrical Engineering
> > Faculty of EEMCS
> > Drebbel Institute on Mechatronics
> > 
> > Normal Postal Address: 
> > P.O. Box 217
> > NL-7500 AE Enschede
> > The Netherlands
> >  
> > Courrier Address:
> > de Veltmaat 10
> > 7522NM Enschede
> > The Netherlands
> > 
> > Tel. +31 (53) 4892794/4892606
> > Fax. +31 (53) 4894830/4892223
> >  
> > Email S.Stramigioli,AT,ieee,DOT,org
> > WWW: http://www.ce.utwente.nl/smi
> > 
> > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> > 
> > --
> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body 
> > Other commands available with "help" in body to the same address.
> > CIPE info and list archive: 
> > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> --
> Mark Cooke <mpc,AT,star,DOT,sr,DOT,bham,DOT,ac,DOT,uk>
> 
> 
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: 
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> 


<< | Thread Index | >> ]    [ << | Date Index | >> ]