
Re: [rhn-users] vpn cipe help



> > Hello. I want to make the following network
> > configuration.
> >
> > Machine A with
> >
> > eth0-ip_real1
> > eth1-192.168.0.1
> > cipcb0-ip_real_vpn_1
> >
> > Machine B with
> >
> > eth0-ip_real2
> > cipcb0-ip_real_vpn_2
> >
> >
> > Machine A and machine B have different ISPs. Machine A
> > has a local network behind it (192.168.0.0/24).
> > ip_real_vpn_1 and ip_real_vpn_2 are routed by ISP2.
> > I want all the traffic from machine A to have the
> > following route:
> >
> > LocalNetwork->MachineA->GatewayA->Internet->MachineB->
> > Gateway2->Internet.
> > For this I configured a VPN between machineA and
> > machineB. I probed the VPN with pings between both
> > ends and it works.
> > I tried to add the following routes on machine A:
> > -a host route to ip_real_2 with gateway GatewayA
> > -a default route with gateway ip_real_vpn_2
> > Well, when I add these routes, the tunnel is breaking
> > and I see in /var/log/messages the following line
> >  ciped-cb[2052]: kxchg: recv: Connection refused
> > OK, this is the first problem. The second problem is
> > this: I can reach ip_real_vpn2 from the internet, but I
> > can't reach ip_real_vpn_1. ip_real_vpn_1 and
> > ip_real_vpn_2 are routed by ISP2, and here is the
> > problem, but what should I do to reach ip_real_vpn_1
> > through ip_real_vpn_2? I really need your help.
> >

 
> Each cipe interface needs 4 addresses:
>
> IPADDR : interface address, will be the PTPADDR on the remote cipe
> interface; most people use rfc1597 addresses (10.*.*.*, 192.168.*.*, etc.)
> ex: 10.0.0.1
>
> PTPADDR : distant end interface address, will be the 'IPADDR' on the remote
> cipe interface ex: 10.0.1.1
>
> me : Tunnel end point, ISP public address, will be the 'peer' on the remote
> cipe interface ex: frodo.ford.com:1000
>
> peer : Remote tunnel end point, ISP 2 public address, will be 'me' on the
> remote cipe interface ex: bilbo.gmc.com:10000
>
>
> You'll need to make a route from Machine A to the network at Machine B using
> the PTPADDR of the cipe interface on Machine A, and a reciprocal route on
> machine B.
>
> route add -net <network b> netmask <whatever> gw <PTPADDR>
>
> If you are using NAT, you will have to make sure your vpn traffic is not
> translated.
OK, this doesn't resolve my problem.
I want all the traffic of machine A to and from the
internet to pass through machine B. And network b
DOESN'T EXIST.
If I have configured for the vpn 10.0.0.1 on machine A
and 10.0.0.2 on machine B, I want to change the
default route on machine A to gateway 10.0.0.2, so that ALL
the traffic from machine A WILL PASS THROUGH machine B.
I want to add on machine A a route something like this:

/sbin/route add -host ip_real_2 gw GATEWAY1
/sbin/route del default gw GATEWAY1 && route add default gw 10.0.0.2

Any ideas how I can make this work?
Thanks.
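
The routing invariant behind the two route commands in the message above, as an added example that is not part of the original post: a longest-prefix-match lookup showing that, once the default route points at 10.0.0.2, only a more specific host route keeps the tunnel's own packets to the peer on eth0. The addresses standing in for ip_real_2 and GATEWAY1, the eth0 subnet, and the helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample values: the post gives only placeholders for these two.
PEER_REAL = "198.51.100.20"  # stands in for ip_real_2
GATEWAY1 = "203.0.113.1"     # stands in for GATEWAY1
TUNNEL_DEV = "cipcb0"

def route(dst, gw, dev):
    return {"net": ipaddress.ip_network(dst), "gw": gw, "dev": dev}

# Directly connected networks on machine A (the eth0 subnet is constructed).
CONNECTED = [
    route("203.0.113.0/24", None, "eth0"),
    route("192.168.0.0/24", None, "eth1"),
    route("10.0.0.2/32", None, TUNNEL_DEV),  # point-to-point peer address
]
# Default route moved into the tunnel, without and with the host route to the peer.
WITHOUT_HOST_ROUTE = CONNECTED + [route("0.0.0.0/0", "10.0.0.2", TUNNEL_DEV)]
WITH_HOST_ROUTE = WITHOUT_HOST_ROUTE + [route(PEER_REAL + "/32", GATEWAY1, "eth0")]

def lookup(table, dst):
    """Longest-prefix match: the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen, default=None)

def check_full_tunnel(table, peer_real, tunnel_dev):
    """List the ways a 'default route via the tunnel' table is inconsistent."""
    problems = []
    outer = lookup(table, peer_real)
    if outer is None:
        problems.append("no route to the peer's public address")
    elif outer["dev"] == tunnel_dev:
        problems.append("tunnel packets to the peer are routed into the tunnel")
    inet = lookup(table, "192.0.2.99")  # constructed Internet destination
    if inet is None or inet["dev"] != tunnel_dev:
        problems.append("Internet traffic does not use the tunnel")
    connected = [c for c in table if c["gw"] is None]
    for r in table:
        if r["gw"] is None:
            continue
        hop = lookup(connected, r["gw"])  # a gateway must be on-link
        if hop is None or hop["dev"] != r["dev"]:
            problems.append(f"gateway {r['gw']} is not reachable on {r['dev']}")
    return problems

if __name__ == "__main__":
    for name, table in [("without host route", WITHOUT_HOST_ROUTE),
                        ("with host route", WITH_HOST_ROUTE)]:
        print(name, "->", check_full_tunnel(table, PEER_REAL, TUNNEL_DEV) or "consistent")
```

The check covers only the routing table on machine A; it says nothing about key exchange, NAT, or the reverse path on machine B.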





