From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ray Leach <raymondl@knowledgefactory.co.za>
Subject: Re: help needed-VPN
Date: 27 May 2003 12:15:38 +0200
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <1054030538.13730.39.camel@raylinux.internal>
References: <000101c32433$e1c08b10$0223a8c0@satconet.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-UAGO5kEv2l9XERuGg6p3"
Return-path: <netfilter-admin@lists.netfilter.org>
In-Reply-To: <000101c32433$e1c08b10$0223a8c0@satconet.com>
Errors-To: netfilter-admin@lists.netfilter.org
List-Help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-Post: <mailto:netfilter@lists.netfilter.org>
List-Subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
	<mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-Id: <netfilter.vger.kernel.org>
List-Unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
	<mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
List-Archive: <https://lists.netfilter.org/pipermail/netfilter/>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>


--=-UAGO5kEv2l9XERuGg6p3
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi

On Tue, 2003-05-27 at 11:39, Steven Mugassa wrote:
> Hello,
>=20
> I'm trying to implement VPN of two remote LANs(LAN A & LAN B) using CIPE =
(on
> RedHat 9.0). I have tried to follow instructions from "CIPE-How to" from
> tldp.org and it seems to work (the machines on the two LANs can ping &
> traceroute each other using the internal IP addresses)
>=20
> However i have one more requirement which i need advice on how to do it:-
> -One of the machines(call it machine X) in LAN B is not using CIPE gatewa=
y
> as its gateway( it is going to the internet using another gateway, which =
is
> also in the same LAN). This machine don't need to access machines in LAN =
A,
> but machine in LAN A need to access this machine. Since this machine is
> using another gateway(not CIPE gateway), then the classical CIPE-based VP=
N
> implementation will not allow it to be accessible by remote LAN.
>=20
On machine X you need a static route to tell it how to get back to LAN A
(i.e. via the VPN gateway). Since your VPN LAN is setup and working for
the other machines in LAN A and LAN B, the routes should already be
there for LAN A to get to machine X on LAN B.

> -My question is, what modifications (routings, or SNAT/DNAT, ...) can i d=
o
> to allow machine in remote LAN A to access that machine X (in LAN B)?
>=20
> Thanks,
> Steven
>=20
>=20
>=20

--=-UAGO5kEv2l9XERuGg6p3
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+0zrKh1fuR/Bv+ygRAmE0AKCWOTZq0WiMWpyDoQRkzYZeg2WfsgCdGXw0
4iJNhKV5TUPmeSYGRXgNDKM=
=pMye
-----END PGP SIGNATURE-----

--=-UAGO5kEv2l9XERuGg6p3--