
To: Robin Harwani <robin.harwani,AT,gmail,DOT,com>
Subject: Re: cipe real ip
From: Andreas Billmeier <b,AT,edevau,DOT,net>
Date: Wed, 1 Jun 2005 09:49:51 +0200
Cc: cipe-l,AT,inka,DOT,de
In-reply-to: <9b81854b050531221974a5b45a@mail.gmail.com>
Organization: Ede Vau & Partner
References: <20050531125354.1f4c83c2@obelixx.edevau.net><200505311647.10576.florian@alphacore.net><20050531180433.23f8971a@obelixx.edevau.net><9b81854b05053111577ff999a6@mail.gmail.com><20050531225220.72a50351@obelixx.edevau.net><9b81854b050531221974a5b45a@mail.gmail.com>

On Wed, 1 Jun 2005 10:49:54 +0530 Robin Harwani 
<robin.harwani,AT,gmail,DOT,com> wrote:

> real ip is the ip which is not an internal ip in the network, for 
> e.g. 10.10.1.1 is an internal ip of the network 
> so can cipe be configured from such an ip.
> I'm new to VPNs as I'm into final year engineering and I'm doing a project on 
> "remote server configuration on linux vpn".

hi,

if your question is whether it's possible to connect a tunnel with cipe when the 
external interfaces are behind routers,
and your routers do something like NAT or Address Translation, then here we go:

if you have no access to the router, simply use openvpn, it connects via TCP.

If you have access to the router, it is possible to do this with cipe,
you only have to forward cipe's udp-port from the external interface to the 
host the cipe peer is running at.

An example:

Your (internal) cipe-peer is at 192.168.32.253, the remote network is 
192.168.33.0/24
your cipe.conf looks like this:

device cipcb0
dynip
ptpaddr 192.168.33.253
ipaddr  192.168.32.253
cttl=64
me      0.0.0.0:19981
peer    cipe.remote.net:19981
maxerr -1

you now must forward all udp 19981 from your router's external interface to 
192.168.32.253:19981
your cipe host has to have a route to cipe.remote.net via the same router.
if your border router is a linux box at 192.168.32.254, you could do this for 
example with:

EXT_IF=ppp0
iptables -t nat -A PREROUTING -i $EXT_IF -p udp --sport 19981 --dport 19981 \
  -j DNAT --to 192.168.32.253:19981

# on the cipe box:
ip route add cipe.remote.net via 192.168.32.254
ip route add 192.168.33.0/24 via 192.168.33.253 dev cipcb0

I have one peer like that running behind a dialup dsl line,
there are problems if the (in this case dynamically assigned) external ip 
changes.
I have a timed script running to force this change once a day in the early 
morning,
this script kills and restarts the tunnel at the same time.

By the way, please send your questions to the list,
there are some other opinions for sure.

ys
\B.
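
Added example, not part of the original message or of cipe: a small shell helper that derives the port-forward rule from the options file shown above, so the forwarded UDP port cannot drift from the `me`/`peer` lines, and that refuses a config without a fixed local port. The function names and the embedded sample config are constructed for illustration; the helper only prints the rule and does not apply it.

```shell
#!/bin/sh
# Constructed sample: the cipe options from the message above.
SAMPLE_CONF='device cipcb0
dynip
ptpaddr 192.168.33.253
ipaddr  192.168.32.253
cttl=64
me      0.0.0.0:19981
peer    cipe.remote.net:19981
maxerr -1'

# conf_get KEY: read options text on stdin, print the value of KEY.
# Accepts both "key value" and "key=value"; ignores "#" comments.
conf_get() {
    awk -v k="$1" '{ sub(/#.*/, ""); gsub(/=/, " ")
                     if ($1 == k) { print $2; exit } }'
}

# port_of HOST:PORT: print the part after the last colon.
port_of() { printf '%s\n' "${1##*:}"; }

# valid_port N: true only for a decimal port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_rule CONF_TEXT EXT_IF LAN_HOST: print the DNAT rule for the router.
# Fails when "me" or "peer" carries no fixed port, because a static
# forward cannot follow a dynamically chosen port.
dnat_rule() {
    me=$(printf '%s\n' "$1" | conf_get me)
    peer=$(printf '%s\n' "$1" | conf_get peer)
    lport=$(port_of "$me")
    rport=$(port_of "$peer")
    valid_port "$lport" || { echo "no fixed port in me: '$me'" >&2; return 1; }
    valid_port "$rport" || { echo "no fixed port in peer: '$peer'" >&2; return 1; }
    printf 'iptables -t nat -A PREROUTING -i %s -p udp --sport %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$2" "$rport" "$lport" "$3" "$lport"
}

# Print the rule for the setup in the message (router external interface ppp0).
dnat_rule "$SAMPLE_CONF" ppp0 192.168.32.253
```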

