Robin Harwani <robin.harwani,AT,gmail,DOT,com>|
Re: cipe real ip|
Andreas Billmeier <b,AT,edevau,DOT,net>|
Wed, 1 Jun 2005 09:49:51 +0200|
Ede Vau & Partner|
On Wed, 1 Jun 2005 10:49:54 +0530 Robin Harwani
> real ip is the ip which is not an internal ip in the network for
> e.g.10.10.1.1 is a internal ip of the network
> so can cipe be configured from such an ip.
> im new to vpn s as m into final year engineering and im doin a project on
> "remote server configuration on linux vpn ".
if your question is if it´s possible to connect a tunnel with cipe when the
external interfaces are behind routers,
your routers do something like NAT oder Adress-Translation, then here we go:
if you have no access to the router, simply use openvpn, it connects via TCP.
If you have access to the router, it is possible do do this with cipe,
you only have to forward cipe´s udp-port from the external interface to the
host the cipe peer is running at.
Your (internal) cipe-peer is at 192.168.32.253, the remote network is
your cipe.conf looks like this:
you now must forward all udp 19981 from your routers external interface to
your cipe hosts has to have a route to cipe.remote.net via the same router.
if your borderrouter is a linux box at 192.168.32.254, you could do this for
iptables -t nat -A PREROUTING -i $EXT_IF -p udp --sport 19981 --dport 19981
-j DNAT --to 192.168.32.253:19981
# on the cipe box:
ip route add cipe.remote.net via 192.168.32.254
ip route add 192.168.33.0/24 via 192.168.33.253 dev cipcb0
I have one peer like that running behind a dialup dsl line,
there are problems if the (in this case dynamically assigned) external ip
I have a timed script running to force this change once a day in the early
this script kills and restarts the tunnel at the same time.
By the Way, please, send your questions to the list,
there are some other opinions for sure.