[LARTC] Testing IP Tunnel (IPIP) on Private Network

[LARTC] Testing IP Tunnel (IPIP) on Private Network

[kaiwen]

[-- Attachment #1: Type: text/plain, Size: 924 bytes --]

Hi, 

Does IP Tunnel (IPIP) works on Provate Network.

I read some howtos, most network which implement IP Tunnel (IPIP) are as below:-

(LAN) Router A ----- Internet ------- Router B (LAN) 

(1) IP Tunnel is build up from Router A to Router B
(2) Host behind Router A can communicate with host behind Router B

Looking at this network, I have to configure 2 Routers, both uses different Gateway to Internet.
The problem is, I have access to only one Router. :(



Can I simulate IP Tunnel using the following Network?

(LAN) Router A ----- Router C ------- Router B (LAN) 

(1) All routers ar on Private Network
(2) Using 3 Routers, I can segment 3 networks
(3) IP Tunnel is build from ROuter A to ROuter B

Please advice. Let me know if I got Ip Tunnel (using IPIP) concept wrong. 
I tried on the second network diagram using "ip tunnel" and "ip route", but is not working.

Thank you,
Calvin

[-- Attachment #2: Type: text/html, Size: 2294 bytes --]

[LARTC] Testing IP Tunnel (IPIP) on Private Network

[Claudiu Pruna]

The problem is that each router on each end of a tunnel, respectively
decapsulating the ip packets received from its tunnel peer end, so if
you can configure only one router, there is no one to decapsulate the
tunneling information received from router A. A good try for you should
be trying a third router as you have mentioned, behind the router you
don't have access to

Hi, 

Does IP Tunnel (IPIP) works on Provate Network.

I read some howtos, most network which implement IP Tunnel (IPIP) are as below:-

(LAN) Router A ----- Internet ------- Router B (LAN) 

(1) IP Tunnel is build up from Router A to Router B
(2) Host behind Router A can communicate with host behind Router B

Looking at this network, I have to configure 2 Routers, both uses different Gateway to Internet.
The problem is, I have access to only one Router. :(



Can I simulate IP Tunnel using the following Network?

(LAN) Router A ----- Router C ------- Router B (LAN) 

(1) All routers ar on Private Network
(2) Using 3 Routers, I can segment 3 networks
(3) IP Tunnel is build from ROuter A to ROuter B

Please advice. Let me know if I got Ip Tunnel (using IPIP) concept wrong. 
I tried on the second network diagram using "ip tunnel" and "ip route", but is not working.

Thank you,
Calvin
-- 
Claudiu Pruna <claudiu@net-go.net>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network

[kaiwen]

Hi,

Hmmm, I will go on testing with Network Diagram B, hwre ethere is a presence
of a third router.
My first try on testing shows failure. I can see activity in Tx, but not Rx.

Question:
(1) If it is a Tunnel, is setting up proper route between those routers
important?

Sorry for late reply, was bz with some other stuffs. WIll get back wif any
new findings :)

Thank you
Calvin

----- Original Message -----
From: "Claudiu Pruna" <claudiu@net-go.net>
To: <cal_kaiwen@hotmail.com>
Cc: <lartc@mailman.ds9a.nl>
Sent: Tuesday, February 10, 2004 3:00 PM
Subject: [LARTC] Testing IP Tunnel (IPIP) on Private Network


> The problem is that each router on each end of a tunnel, respectively
> decapsulating the ip packets received from its tunnel peer end, so if
> you can configure only one router, there is no one to decapsulate the
> tunneling information received from router A. A good try for you should
> be trying a third router as you have mentioned, behind the router you
> don't have access to
>
> Hi, 
>
> Does IP Tunnel (IPIP) works on Provate Network.
>
> I read some howtos, most network which implement IP Tunnel (IPIP) are as > below:-
>
> (LAN) Router A ----- Internet ------- Router B (LAN) 
>
> (1) IP Tunnel is build up from Router A to Router B
> (2) Host behind Router A can communicate with host behind Router B
>
> Looking at this network, I have to configure 2 Routers, both uses > different Gateway to Internet.
> The problem is, I have access to only one Router. :(
>
>
>
> Can I simulate IP Tunnel using the following Network?
>
> (LAN) Router A ----- Router C ------- Router B (LAN) 
>
> (1) All routers ar on Private Network
> (2) Using 3 Routers, I can segment 3 networks
> (3) IP Tunnel is build from ROuter A to ROuter B
>
> Please advice. Let me know if I got Ip Tunnel (using IPIP) concept > wrong. 
> I tried on the second network diagram using "ip tunnel" and "ip route", > but is not working.
>
> Thank you,
> Calvin
> --
> Claudiu Pruna <claudiu@net-go.net>
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network

[kaiwen]

Hi,

Now I get my chance to look at this approach again.

I took a look at your diagram, I have got questions:-

(1) For Router A, eth0 is xxx.yyy.zzz.ttt, eth1 192.168.1.1/24.
So, which interface holds the IP of 192.168.3.1/30?

Same ad Router B...

(2) For Router B, eth0 is bbb.ccc.ddd.eee, eth1 192.168.2.1/24.
So, which interface holds the IP of 192.168.3.2/30?

Please advice.

Thank you.
Calvin

----- Original Message -----
From: "Claudiu Pruna" <claudiu@net-go.net>
To: "kaiwen" <cal_kaiwen@hotmail.com>
Sent: Monday, February 16, 2004 4:52 PM
Subject: Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network


> The point is that I am not sure that tunneling will cross nat, if the
> middle router is doing nat for your lan, if it does, than I suggest
> using other kind of tunneling, like openvpn which you can find at
> http://openvpn.sf.net. What I want to say is that best for you is to
> have both ends of the tunnel on routers with routable ip's. So let's
> consider this:
>
>
>     192.168.1.1/24  xxx.yyy.zzz.ttt         bbb.ccc.ddd.eee
>           eth1                                              eth1
> +-----+   +----------+ eth0                   eth0+----------+   +-----+
> | Lan1|<->| Router A | <============> | Router B |<->|LAN 2|
> +-----+   +----------+        INTERNET            +----------+   +-----+
>                                                           192.168.2.1/24
>                ^                                       ^
>                |       IPIP Tunnel                     |
>                +====================+
>           192.168.3.1/30                           192.168.3.2/30
>
>
> On router A:
> ip tunnel add mylan local xxx.yyy.zzz.ttt remote bbb.ccc.ddd.eee ttl 255
> ip address add mylan 192.168.3.1 peer 192.168.3.2 dev mylan
> ip link set mylan up
> ip route add 192.168.2.0/24 via 192.168.3.2
>
>
> On router B:
> ip tunnel add mylan local bbb.ccc.ddd.eee remote xxx.yyy.zzz.ttt ttl 255
> ip address add mylan 192.168.3.2 peer 192.168.3.1 dev mylan
> ip link set mylan up
> ip route add 192.168.1.0/24 via 192.168.3.1
>
>
>
> The ideea is that the new crated interfaces (tunnel ends) have their ip
> address which are used as gateways to reach the other end LAN
>
>
>
> If you don't have root access on Router B, than the solution left is
> another router (Router C) between Router B and LAN 2. And here you have
> two cases:
>
> 1) If Router C will have routable ip address, than, everithing is as
> above, but you do all the mess on Router C instead of Router B.
>
> 2) If Router C is behind NAT, than you shure do have to check on openvpn
> or some other kind of tunneling that works on sockets and which pass
> through nat, and considering you use openvpn, on router A use the
> "--float" option and don't specify an remote address.
>
>
> That's about it.
>
> Bye
>
>
> On Fri, 2004-02-13 at 12:27, kaiwen wrote:
> > Hi,
> >
> > Hmmm, I will go on testing with Network Diagram B, hwre ethere is a
presence
> > of a third router.
> > My first try on testing shows failure. I can see activity in Tx, but not
Rx.
> >
> > Question:
> > (1) If it is a Tunnel, is setting up proper route between those routers
> > important?
> >
> > Sorry for late reply, was bz with some other stuffs. WIll get back wif
any
> > new findings :)
> >
> > Thank you
> > Calvin
> >
> > ----- Original Message -----
> > From: "Claudiu Pruna" <claudiu@net-go.net>
> > To: <cal_kaiwen@hotmail.com>
> > Cc: <lartc@mailman.ds9a.nl>
> > Sent: Tuesday, February 10, 2004 3:00 PM
> > Subject: [LARTC] Testing IP Tunnel (IPIP) on Private Network
> >
> >
> > > The problem is that each router on each end of a tunnel, respectively
> > > decapsulating the ip packets received from its tunnel peer end, so if
> > > you can configure only one router, there is no one to decapsulate the
> > > tunneling information received from router A. A good try for you
should
> > > be trying a third router as you have mentioned, behind the router you
> > > don't have access to
> > >
> > > Hi, 
> > >
> > > Does IP Tunnel (IPIP) works on Provate Network.
> > >
> > > I read some howtos, most network which implement IP Tunnel (IPIP) are
as > > > below:-
> > >
> > > (LAN) Router A ----- Internet ------- Router B (LAN) 
> > >
> > > (1) IP Tunnel is build up from Router A to Router B
> > > (2) Host behind Router A can communicate with host behind Router B
> > >
> > > Looking at this network, I have to configure 2 Routers, both uses > > > different Gateway to Internet.
> > > The problem is, I have access to only one Router. :(
> > >
> > >
> > >
> > > Can I simulate IP Tunnel using the following Network?
> > >
> > > (LAN) Router A ----- Router C ------- Router B (LAN) 
> > >
> > > (1) All routers ar on Private Network
> > > (2) Using 3 Routers, I can segment 3 networks
> > > (3) IP Tunnel is build from ROuter A to ROuter B
> > >
> > > Please advice. Let me know if I got Ip Tunnel (using IPIP) concept > > > wrong. 
> > > I tried on the second network diagram using "ip tunnel" and "ip
route", > > > but is not working.
> > >
> > > Thank you,
> > > Calvin
> > > --
> > > Claudiu Pruna <claudiu@net-go.net>
> > >
> > >
> --
> Claudiu Pruna
> GPS Birotic SRL
> Network Administrator
> mail: claudiu.pruna@gpsnet.ro
> web: http://www.gpsnet.ro
> tel: +40.21.231.59.79
> fax: +40.21.231.59.78
> mobil: +40.0723.63.89.89
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network

[kaiwen]

Hi,

Thank you for the reply :)
Yes, now I understand what are 192.168.3.1/30 and 192.168.3.2/30 for.

Unfortunately, when I apply on the testbed, I did not get the result I
wanted.
Must be something wrong with my configuration.

I did it using 3 Routers, as I have no control over another Router (tunnel
ends) on Internet.

Network Diagram:
LAN A -- (192.168.8.88/24) Router A (192.168.250.197) -- (192.168.250.195)
Router C (192.168.11.188) -- (192.168.11.1) Router B (192.168.2.1) -- LAN B

Configuration:
On Router A:
Default Gateway 192.168.250.195
ip tunnel add tunl1 mode ipip local 192.168.250.197 remote 192.168.11.1 ttl
255
ip address add 192.168.3.1 peer 192.168.3.2 dev tunl1
ip link set tunl1 up
ip route add 192.168.2.0/24 via 192.168.3.2

On Router A:
Default Gateway 192.168.11.188
ip tunnel add tunl1 mode ipip local 192.168.11.1 remote 192.168.250.197 ttl
255
ip address add 192.168.3.2 peer 192.168.3.1 dev tunl1
ip link set tunl1 up
ip route add 192.168.8.0/24 via 192.168.3.1

On Router C:
Default Gateway A 192.168.11.1
Default Gateway B 192.168.250.197

Result:
Ping from Router A to 192.168.2.1 failed. I can see Bytes transfered in TX
mode, but nothing in RX, which is quite true since my ping fails.

Please advice.

Best regards,
Calvin

----- Original Message -----
From: "Claudiu Pruna" <claudiu@net-go.net>
To: "kaiwen" <cal_kaiwen@hotmail.com>
Sent: Thursday, February 26, 2004 5:09 PM
Subject: Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network


> Hi,
>
> the tunnel interface holds those addresses, you must think at the tunnel
> as of one new network interface on each router.
>
> kaiwen wrote:
> > Hi,
> >
> > Now I get my chance to look at this approach again.
> >
> > I took a look at your diagram, I have got questions:-
> >
> > (1) For Router A, eth0 is xxx.yyy.zzz.ttt, eth1 192.168.1.1/24.
> > So, which interface holds the IP of 192.168.3.1/30?
> >
> > Same ad Router B...
> >
> > (2) For Router B, eth0 is bbb.ccc.ddd.eee, eth1 192.168.2.1/24.
> > So, which interface holds the IP of 192.168.3.2/30?
> >
> > Please advice.
> >
> > Thank you.
> > Calvin
> >
> > ----- Original Message -----
> > From: "Claudiu Pruna" <claudiu@net-go.net>
> > To: "kaiwen" <cal_kaiwen@hotmail.com>
> > Sent: Monday, February 16, 2004 4:52 PM
> > Subject: Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network
> >
> >
> >
> >>The point is that I am not sure that tunneling will cross nat, if the
> >>middle router is doing nat for your lan, if it does, than I suggest
> >>using other kind of tunneling, like openvpn which you can find at
> >>http://openvpn.sf.net. What I want to say is that best for you is to
> >>have both ends of the tunnel on routers with routable ip's. So let's
> >>consider this:
> >>
> >>
> >>    192.168.1.1/24  xxx.yyy.zzz.ttt         bbb.ccc.ddd.eee
> >>          eth1                                              eth1
> >>+-----+   +----------+ eth0                   eth0+----------+   +-----+
> >>| Lan1|<->| Router A | <============> | Router B |<->|LAN 2|
> >>+-----+   +----------+        INTERNET            +----------+   +-----+
> >>                                                          192.168.2.1/24
> >>               ^                                       ^
> >>               |       IPIP Tunnel                     |
> >>               +====================+
> >>          192.168.3.1/30                           192.168.3.2/30
> >>
> >>
> >>On router A:
> >>ip tunnel add mylan local xxx.yyy.zzz.ttt remote bbb.ccc.ddd.eee ttl 255
> >>ip address add mylan 192.168.3.1 peer 192.168.3.2 dev mylan
> >>ip link set mylan up
> >>ip route add 192.168.2.0/24 via 192.168.3.2
> >>
> >>
> >>On router B:
> >>ip tunnel add mylan local bbb.ccc.ddd.eee remote xxx.yyy.zzz.ttt ttl 255
> >>ip address add mylan 192.168.3.2 peer 192.168.3.1 dev mylan
> >>ip link set mylan up
> >>ip route add 192.168.1.0/24 via 192.168.3.1
> >>
> >>
> >>
> >>The ideea is that the new crated interfaces (tunnel ends) have their ip
> >>address which are used as gateways to reach the other end LAN
> >>
> >>
> >>
> >>If you don't have root access on Router B, than the solution left is
> >>another router (Router C) between Router B and LAN 2. And here you have
> >>two cases:
> >>
> >>1) If Router C will have routable ip address, than, everithing is as
> >>above, but you do all the mess on Router C instead of Router B.
> >>
> >>2) If Router C is behind NAT, than you shure do have to check on openvpn
> >>or some other kind of tunneling that works on sockets and which pass
> >>through nat, and considering you use openvpn, on router A use the
> >>"--float" option and don't specify an remote address.
> >>
> >>
> >>That's about it.
> >>
> >>Bye
> >>
> >>
> >>On Fri, 2004-02-13 at 12:27, kaiwen wrote:
> >>
> >>>Hi,
> >>>
> >>>Hmmm, I will go on testing with Network Diagram B, hwre ethere is a
> >
> > presence
> >
> >>>of a third router.
> >>>My first try on testing shows failure. I can see activity in Tx, but
not
> >
> > Rx.
> >
> >>>Question:
> >>>(1) If it is a Tunnel, is setting up proper route between those routers
> >>>important?
> >>>
> >>>Sorry for late reply, was bz with some other stuffs. WIll get back wif
> >
> > any
> >
> >>>new findings :)
> >>>
> >>>Thank you
> >>>Calvin
> >>>
> >>>----- Original Message -----
> >>>From: "Claudiu Pruna" <claudiu@net-go.net>
> >>>To: <cal_kaiwen@hotmail.com>
> >>>Cc: <lartc@mailman.ds9a.nl>
> >>>Sent: Tuesday, February 10, 2004 3:00 PM
> >>>Subject: [LARTC] Testing IP Tunnel (IPIP) on Private Network
> >>>
> >>>
> >>>
> >>>>The problem is that each router on each end of a tunnel, respectively
> >>>>decapsulating the ip packets received from its tunnel peer end, so if
> >>>>you can configure only one router, there is no one to decapsulate the
> >>>>tunneling information received from router A. A good try for you
> >
> > should
> >
> >>>>be trying a third router as you have mentioned, behind the router you
> >>>>don't have access to
> >>>>
> >>>>Hi, 
> >>>>
> >>>>Does IP Tunnel (IPIP) works on Provate Network.
> >>>>
> >>>>I read some howtos, most network which implement IP Tunnel (IPIP) are
> >
> > as > >
> >>>>below:-
> >>>>
> >>>>(LAN) Router A ----- Internet ------- Router B (LAN) 
> >>>>
> >>>>(1) IP Tunnel is build up from Router A to Router B
> >>>>(2) Host behind Router A can communicate with host behind Router B
> >>>>
> >>>>Looking at this network, I have to configure 2 Routers, both uses > >>>>different Gateway to Internet.
> >>>>The problem is, I have access to only one Router. :(
> >>>>
> >>>>
> >>>>
> >>>>Can I simulate IP Tunnel using the following Network?
> >>>>
> >>>>(LAN) Router A ----- Router C ------- Router B (LAN) 
> >>>>
> >>>>(1) All routers ar on Private Network
> >>>>(2) Using 3 Routers, I can segment 3 networks
> >>>>(3) IP Tunnel is build from ROuter A to ROuter B
> >>>>
> >>>>Please advice. Let me know if I got Ip Tunnel (using IPIP) concept > >>>>wrong. 
> >>>>I tried on the second network diagram using "ip tunnel" and "ip
> >
> > route", > >
> >>>>but is not working.
> >>>>
> >>>>Thank you,
> >>>>Calvin
> >>>>--
> >>>>Claudiu Pruna <claudiu@net-go.net>
> >>>>
> >>>>
> >>--
> >>Claudiu Pruna
> >>GPS Birotic SRL
> >>Network Administrator
> >>mail: claudiu.pruna@gpsnet.ro
> >>web: http://www.gpsnet.ro
> >>tel: +40.21.231.59.79
> >>fax: +40.21.231.59.78
> >>mobil: +40.0723.63.89.89
> >>
> >>
>
> --
> Claudiu Pruna
> mail: claudiu@net-go.net
> web: http://www.net-go.net
> tel: +40.723.63.89.89
> fax: +40.723.63.89.89
> mobil: +40.723.63.89.89
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/