* [LARTC] VPN through PPP
@ 2005-10-11 12:40 Steve Comfort
2005-10-11 19:36 ` /dev/rob0
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Steve Comfort @ 2005-10-11 12:40 UTC (permalink / raw)
To: lartc
Hi all,
This is probably not the right place for this question, but maybe
someone can help me out. I am trying to set up a VPN between two private
addresses, using iproute2 (which is my only excuse for mailing this list).
The setup is as below :

      eth0              ppp0        Wireless        ppp0              eth0
192.168.200.202   192.168.94.134   <----->   192.168.94.132   192.168.2.200

Both eth0 (strictly ixp1) and ppp0's are on wireless boards that we make.
I have basically followed the VPN Howto and done the following :

  ip tunnel add net0 mode gre remote 192.168.2.200 local 192.168.200.202 ttl 255 dev ppp0
  ip link set net0 up
  ip addr add 192.168.200.202 dev net0
  ip route add 192.168.2.0/24 dev net0

I have tried various combinations of the above, using the ppp IP address
for remote and the eth0 for local, etc, etc. (4 possible combinations).
I do the reverse on the other end of the tunnel, but do not see any
traffic over this lot. I am able to ping and ssh between the two
wireless boxes.
I do have a firewall, configured to do NAT on the PPP interface. I have
also tried excluding the destination addresses from being NAT'd but this
didn't make any difference.
Any suggestions would be greatly appreciated.
Best regards
Steve Comfort
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] VPN through PPP
From: /dev/rob0 @ 2005-10-11 19:36 UTC (permalink / raw)
To: lartc
On Tuesday 2005-October-11 07:40, Steve Comfort wrote:
> The setup is as below :
Your ASCII diagram was not clear.
> I have basically followed the VPN Howto and done the following :
Are you talking about the old one from TLDP?
> Any suggestions would be greatly appreciated.
Perhaps not much help, but I use http://openvpn.org/
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
* Re: [LARTC] VPN through PPP
From: Dariusz Dwornikowski @ 2005-10-11 22:39 UTC (permalink / raw)
To: lartc
you could use openvpn
--
*Dariusz 'tdi' Dwornikowski | Gentoo | admin at pozman.pl |
*[JID]:tdi@gentoo.pl|[gg]:2266034|[IRC]:#gentoo-pl@freenode |
*[MAIL]:tdi@pozman.pl|[WWW]:www.tdi.pozman.pl |
*Serwery,administracja,webapps - www.ProAdmin.com.pl |
*Fingerprint:43E21CC46DAFD2F754E91547D59B39F56AAA4B5F |
* Re: [LARTC] VPN through PPP
From: BUCHMULLER Norbert @ 2005-10-13 18:28 UTC (permalink / raw)
To: lartc
On Tue, 11 Oct 2005 14:40:10 +0200
Steve Comfort <steve@4dllc.com> wrote:
Hi,
I can't understand your diagram either. :-(
Let's suppose you have 2 hosts, host A and host B, each has an outer
("public") and an inner ("local") interface. The outer interfaces have the
IP addresses Apub and Bpub respectively, and the inner networks have the
address spaces Aloc and Bloc, respectively. Also we make use of another
pair of IP addresses, for the tunnel interfaces (10.10.10.1 and
10.10.10.2).
Then the right commands would be:

host A:
  ip tunnel add net0 mode gre remote <Bpub> local <Apub>
  ip address add 10.10.10.1/32 dev net0
  ip link set net0 up
  ip route add <Bloc> dev net0

host B:
  ip tunnel add net0 mode gre remote <Apub> local <Bpub>
  ip address add 10.10.10.2/32 dev net0
  ip link set net0 up
  ip route add <Aloc> dev net0

If the tunnel works, you can ping 10.10.10.2 from host A (and 10.10.10.1
from host B), if the routing works also, you can ping the other inner
network from each host.
> I do have a firewall, configured to do NAT on the PPP interface. I have
> also tried excluding the destination addresses from being NAT'd but this
> didn't make any difference.
Just a quick question: you do not filter out GRE (IP protocol 47) on the
firewall? (NATing GRE is a bad idea as well - it does not work AFAIK.)
And don't forget that the GRE tunnel transmits all the traffic
unencrypted, so only use it on a trusted network. (Not even on that.:-)
norbi
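
Added example, not part of the thread or written by any of its participants: a small shell check for the two firewall conditions asked about in the reply above (GRE, IP protocol 47, being filtered, and source NAT on the PPP interface catching GRE). The function name `gre_audit`, the sample ruleset and the use of `ppp0` as the NAT interface are assumptions made for illustration; the input is text in `iptables-save` format.

```shell
#!/bin/sh
# Added example (not from the thread). Heuristic audit of an iptables-save
# dump: only the protocol match (-p) and, for NAT, the output interface are
# evaluated; address matches (-s/-d) and rule order in INPUT are ignored.

# Usage: gre_audit <wan-interface> < ruleset    (one finding per line)
gre_audit() {
  awk -v wan="$1" '
    function covers_gre(rule, gre) {     # does the protocol match include GRE?
      if (rule !~ / -p /) return 1       # no -p: every protocol, GRE included
      gre = (rule ~ / -p (gre|47) /)
      return (rule ~ /! -p /) ? !gre : gre
    }
    /^\*/ { table = substr($0, 2); next }               # "*filter", "*nat"
    table == "filter" && $1 == ":INPUT" { policy = $2; next }
    table == "filter" && $1 == "-A" && $2 == "INPUT" {
      if ($0 ~ / -p / && covers_gre($0) && $0 ~ / -j ACCEPT$/) accept = 1
      next
    }
    table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
      if ($0 !~ (" -o " wan " ") || !covers_gre($0)) next
      if ($0 ~ / -j (ACCEPT|RETURN)$/) exempt = 1       # GRE leaves the chain un-NATed
      else if (!exempt && $0 ~ / -j (MASQUERADE|SNAT)/) nat = 1
    }
    END {
      if (policy != "ACCEPT" && !accept)
        print "FILTER: INPUT policy " policy ", no ACCEPT rule for GRE (IP protocol 47)"
      if (nat)
        print "NAT: source NAT on " wan " also applies to GRE packets"
    }'
}

# Constructed sample ruleset: ssh and ping allowed, NAT on ppp0, GRE not mentioned.
sample_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}

sample_rules | gre_audit ppp0
```

On a live host the same function can be fed from `iptables-save | gre_audit ppp0`; an empty result means neither condition was found by this heuristic.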