
Re: [rhn-users] vpn cipe help



----- Original Message ----- 
From: "John Carew" <jon_carev yahoo com>
To: <rhn-users redhat com>
Sent: Thursday, July 10, 2003 11:15 AM
Subject: [rhn-users] vpn cipe help


> Hello. I want to make the following network
> configuration.
>
> Machine A with
>
> eth0-ip_real1
> eth1-192.168.0.1
> cibcb0-ip_real_vpn_1
>
> Machine B with
>
> eth0-ip_real2
> cipcb0-ip_real_vpn_2
>
>
> Machine A and machine B have different ISPs. Machine A
> has a local network behind it (192.168.0.0/24).
> ip_real_vpn_1 and ip_real_vpn_2 are routed by ISP2.
> I want all the traffic from machine A to have the
> following route:
> LocalNetwork->MachineA->GatewayA->Internet->MachineB->
> Gateway2->Internet.
> For this I configured a VPN between machineA and
> machineB. I probed the VPN with pings between both
> ends and it works.
> I tried to add the following routes on machine A:
> -a host route to ip_real_2 with gateway GatewayA
> -a default route with gateway ip_real_vpn_2
> Well, when I add these routes, the tunnel is breaking
> and I see in /var/log/messages the following line
>  ciped-cb[2052]: kxchg: recv: Connection refused
> OK, this is the first problem. The second problem is
> this: I can reach ip_real_vpn2 from the internet, but I
> can't reach ip_real_vpn_1. ip_real_vpn_1 and
> ip_real_vpn_2 are routed by ISP2, and here is the
> problem, but what should I do to reach ip_real_vpn_1
> through ip_real_vpn_2? I really need your help.
>
> Thanks very much.
>

Each cipe interface needs 4 addresses:

IPADDR: interface address, will be the PTPADDR on the remote cipe
interface. Most people use RFC 1597 addresses (10.*.*.*, 192.168.*.*, etc.)
ex: 10.0.0.1

PTPADDR: distant end interface address, will be the 'IPADDR' on the remote
cipe interface ex: 10.0.1.1

me: Tunnel end point, ISP public address, will be the 'peer' on the remote
cipe interface ex: frodo.ford.com:1000

peer: Remote tunnel end point, ISP 2 public address, will be 'me' on the
remote cipe interface ex: bilbo.gmc.com:10000


You'll need to make a route from Machine A to the network at Machine B using
the PTPADDR of the cipe interface on Machine A, and a reciprocal route on
Machine B.

route add -net <network b> netmask <whatever> gw <PTPADDR>

If you are using NAT, you will have to make sure your vpn traffic is not
translated.
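
Added example (not part of the original message, and not CIPE's own code): a small checker for the mirroring rule described in the reply, where each end's IPADDR/me must appear as the other end's PTPADDR/peer, plus a builder for the reply's `route add` line. The "name value" options layout and the function names are assumptions made for illustration; the sample values are the reply's own examples.

```python
import ipaddress

# Constructed sample options for the two ends, using the reply's example values.
# Assumed layout: one "name value" pair per line, "#" starts a comment.
MACHINE_A = """
ipaddr  10.0.0.1
ptpaddr 10.0.1.1
me      frodo.ford.com:1000
peer    bilbo.gmc.com:10000
"""
MACHINE_B = """
ipaddr  10.0.1.1
ptpaddr 10.0.0.1
me      bilbo.gmc.com:10000
peer    frodo.ford.com:1000
"""
REQUIRED = ("ipaddr", "ptpaddr", "me", "peer")
# (option on A, option on B that must carry the same value)
MIRRORED = (("ipaddr", "ptpaddr"), ("ptpaddr", "ipaddr"), ("me", "peer"), ("peer", "me"))

def parse_options(text):
    """Return {name: value} from options text, skipping blanks and comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            opts[parts[0].lower()] = parts[1].strip()
    return opts

def check_pair(a, b):
    """List every way the two ends fail to mirror each other (empty = consistent)."""
    problems = [f"{side}: missing {name}"
                for side, opts in (("A", a), ("B", b))
                for name in REQUIRED if name not in opts]
    if problems:
        return problems
    return [f"A {la}={a[la]} but B {rb}={b[rb]}"
            for la, rb in MIRRORED if a[la] != b[rb]]

def route_command(local_opts, remote_net):
    """Build the reply's 'route add' line: remote network via the local PTPADDR."""
    net = ipaddress.ip_network(remote_net)  # raises ValueError on a malformed network
    gw = ipaddress.ip_address(local_opts["ptpaddr"])
    return f"route add -net {net.network_address} netmask {net.netmask} gw {gw}"

if __name__ == "__main__":
    a, b = parse_options(MACHINE_A), parse_options(MACHINE_B)
    print(check_pair(a, b) or "ends mirror each other")
    # Machine B's reciprocal route to the LAN behind Machine A (192.168.0.0/24)
    print(route_command(b, "192.168.0.0/24"))
```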







