To: cipe-l,AT,inka,DOT,de
Subject: VPN sharing solution
From: "Stramigioli, S" <S.Stramigioli,AT,el,DOT,utwente,DOT,nl>
Date: Fri, 26 Dec 2003 13:06:25 +0100
Cc: Helpdesk,AT,snt,DOT,utwente,DOT,nl

I managed to get my problem solved even if there are still a lot of subtle
things still to do, but I would like to share what I did if somebody needs
sommething similar.

- 2 or more machines: A,B
- A has a personal VPN connection with my university 
- I would like to connect B and other machines in such a way that they
'seem' also university machines like A.

- Install CIPE on A and give it the address (!!)
- Make the VPN connection on A with University and share it for the CIPE
  This will activate a NAT protocol for all packages going through the VPN
and coming from the CIPE peers. One this is done, windows automatically give
ALWAYS the address to the CIPE adapter and I bilieve tries to
run a a DHCP service on that adapter. Clearly this is not necessary, but it
does not create problems. I would very much like to understand how to
configure NAT at a low level in order to tweak the IP datagrams IP number
conversion, but I have not done it yet.
- On B install CIPE and give it a number in the range 192.168.0.*
- On B reroute all packages for the university through the CIPE adapter with
the command
  route <CAMPUS RANGE AND PROPER MASK>, supposing I gave the
number to the CIPE adapter on B, and the game is done !

If anybody has answers to the following I would really appreciate your help.

1) The machine A should at start up, directly make the VPN connection with
the university. I could make a link in the start up of each user, but this
would work only if somebody is logged in. Is it possible to start a standard
Windows VPN connection at bootstrap under Win XP as it is done with a
service ? If yes how ?

2) It seems that the DKV service does not start automatically at bootstrap
even if it should. I have to start it by hand before everything works

3) If I am with the machine B abroad on another network with an IP number I
do not know at priory, how can I dinamically configure the CIPE peer on A
such that it make this possible dinamically ? In other words, is it possible
to create dinamic peers through an identification ?

Thanks a lot !

- Stefano
