<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: "'Andreas Grabner'" <andreas,AT,grabner-it,DOT,at>
Subject: RE: Routing between VPN subnets
From: "Mark" <msalists,AT,gmx,DOT,net>
Date: Wed, 8 Dec 2004 09:37:29 -0800
Cc: <cipe-l,AT,inka,DOT,de>
Importance: Normal
In-reply-to: <20041208071446.GA2940@utanet.at>

Well, it works if I add the respective routing to each machine at location A
and location B.
I just wanted to avoid having to setup special routing on each computer, I
just wanted to do a routing in the router itself and that's it.
But I guess that only works if I NAT the real origin IP back to the
corresponding VPN IP in the router, which will be a pain as well -
especially since there is already a whole bunch of other mapping going on in
that router...

So I guess I will just configure the routing everywhere for now...

Thanks,

MARK

> -----Original Message-----
> From: Andreas Grabner [mailto:grabner,AT,grabner-it,DOT,at On 
> Behalf Of Andreas Grabner
> Sent: Tuesday, December 07, 2004 11:15 PM
> To: Mark
> Subject: Re: Routing between VPN subnets
> 
> 
> Hi,
> 
>  have the same setup and it works, so make shure there is no mistake.
>  
> On Mon, Dec 06, 2004 at 09:44:54AM -0800, Mark wrote:
> > Both locations have static real official IPs. I then 
> introduced local IPs
> > (192.168.1.0/24 for location A and 192.168.101/24 for 
> location B). The
> > router in location A has the special routing that sends all 
> the traffic with
> > a 192.168.101.0/24 destination through the tunnel access 
> point. The other
> > side is set up identically. However, my problem is that 
> traffic going from
> > the nodes in location A still has the official real IP as 
> origin IP, not the
> > VPN IP. So on the way back, instead of taking the tunnel 
> again, location B
> > sends the response to the official address rather than the 
> VPN address of
> > location A, because the official location A Ips don't get 
> routed through the
> > tunnel. This causes the response to be lost.
> 
> i would do routing lije this:
> 
> Location A:
> route add -net 192.168.101.0/24 gw "cipe_ppp_adress"  # where
> cipe_ppp_adress should be also an local address.
> 
> Location B: 
> route add -net 192.168.1.0/24 gw "This-site-cipe_ppp_adress"
> 
> cipes ppp address is shown with
> ifconfig cipcb0
> 
> do your Cipe interface a transit network?
> 
> hth
> Andreas Grabner
> 


<< | Thread Index | >> ]    [ << | Date Index | >> ]