* help needed-VPN
From: Steven Mugassa @ 2003-05-27 9:39 UTC (permalink / raw)
To: netfilter; +Cc: owner-cipe-l, cipe-l
Hello,
I'm trying to implement a VPN of two remote LANs (LAN A & LAN B) using CIPE (on
RedHat 9.0). I have tried to follow instructions from "CIPE-How to" from
tldp.org and it seems to work (the machines on the two LANs can ping &
traceroute each other using the internal IP addresses).
However, I have one more requirement which I need advice on how to do:
- One of the machines (call it machine X) in LAN B is not using the CIPE gateway
as its gateway (it is going to the internet using another gateway, which is
also in the same LAN). This machine doesn't need to access machines in LAN A,
but machines in LAN A need to access this machine. Since this machine is
using another gateway (not the CIPE gateway), the classical CIPE-based VPN
implementation will not allow it to be accessible by the remote LAN.
- My question is, what modifications (routing, or SNAT/DNAT, ...) can I do
to allow machines in remote LAN A to access that machine X (in LAN B)?
Thanks,
Steven
* Re: help needed-VPN
From: Ray Leach @ 2003-05-27 10:15 UTC (permalink / raw)
To: Netfilter Mailing List
Hi
On Tue, 2003-05-27 at 11:39, Steven Mugassa wrote:
> Hello,
>
> I'm trying to implement a VPN of two remote LANs (LAN A & LAN B) using CIPE (on
> RedHat 9.0). I have tried to follow instructions from "CIPE-How to" from
> tldp.org and it seems to work (the machines on the two LANs can ping &
> traceroute each other using the internal IP addresses).
>
> However, I have one more requirement which I need advice on how to do:
> - One of the machines (call it machine X) in LAN B is not using the CIPE gateway
> as its gateway (it is going to the internet using another gateway, which is
> also in the same LAN). This machine doesn't need to access machines in LAN A,
> but machines in LAN A need to access this machine. Since this machine is
> using another gateway (not the CIPE gateway), the classical CIPE-based VPN
> implementation will not allow it to be accessible by the remote LAN.
>
On machine X you need a static route to tell it how to get back to LAN A
(i.e. via the VPN gateway). Since your VPN LAN is set up and working for
the other machines in LAN A and LAN B, the routes should already be
there for LAN A to get to machine X on LAN B.
> - My question is, what modifications (routing, or SNAT/DNAT, ...) can I do
> to allow machines in remote LAN A to access that machine X (in LAN B)?
>
> Thanks,
> Steven
* Re: help needed-VPN
From: Gabriele Altomare @ 2003-05-27 10:31 UTC (permalink / raw)
To: netfilter
You have to add a static route on machine X which says:
to the remote LAN (the LAN on the other side of the tunnel), use the CIPE
gateway. That's all.
* RE: help needed-VPN
From: George Vieira @ 2003-05-27 10:55 UTC (permalink / raw)
To: Steven Mugassa, netfilter; +Cc: owner-cipe-l, cipe-l
Ha haaa!!! A sneaky way of doing things is one way..
There is a trade-off in the idea I have, but here goes..
You masquerade your LAN B machines to access the LAN A workstation. This LAN A workstation won't need a static route to LAN B because it'll appear as the firewall/VPN machine because you've MASQUERADED it..
The trade-off is that every machine in LAN B will appear as the firewall..
I'm not familiar with CIPE, so dunno if this will work for you..
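Added example, not part of any message in this thread: a small routing-table model of machine X showing why its replies to LAN A miss the tunnel, and how the static route and the NAT idea each repair the return path. All addresses are constructed, and the NAT case assumes the source rewrite is applied on the CIPE gateway to LAN A traffic headed for X.

```python
import ipaddress

# Constructed addressing (not from the thread): adjust to the real LANs.
LAN_A = ipaddress.ip_network("192.168.1.0/24")
LAN_B = ipaddress.ip_network("192.168.2.0/24")
CIPE_GW = ipaddress.ip_address("192.168.2.1")     # CIPE gateway, LAN B side
OTHER_GW = ipaddress.ip_address("192.168.2.254")  # machine X's Internet gateway
HOST_A = ipaddress.ip_address("192.168.1.10")     # a client in LAN A
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def next_hop(table, dst):
    """Longest-prefix match; a gateway of None means 'deliver on-link'."""
    matches = [(net, gw) for net, gw in table if dst in net]
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw


def reply_hop(x_table, src_seen_by_x):
    """First hop machine X uses when replying to the source address it saw."""
    return next_hop(x_table, src_seen_by_x)


# Machine X as described: LAN B on-link, default route via the other gateway.
x_before = [(LAN_B, None), (DEFAULT, OTHER_GW)]
# Static route on X for LAN A via the CIPE gateway, e.g. with net-tools:
#   route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1
x_static = x_before + [(LAN_A, CIPE_GW)]


def scenarios():
    return {
        # Reply to a LAN A source follows the default route: wrong gateway.
        "no_change": reply_hop(x_before, HOST_A),
        # With the static route the reply goes back to the tunnel endpoint.
        "static_route": reply_hop(x_static, HOST_A),
        # NAT variant (assumed to run on the CIPE gateway; 192.168.2.50 is a
        # constructed address for X):
        #   iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.50 -j MASQUERADE
        # X now sees the gateway's LAN B address and replies on-link.
        "nat_on_cipe_gw": reply_hop(x_before, CIPE_GW),
    }


if __name__ == "__main__":
    for name, hop in scenarios().items():
        verdict = "OK" if hop == CIPE_GW else "return path broken"
        print(f"{name:15} reply first hop = {hop}  ({verdict})")
```

With the NAT variant, machine X's logs and any address-based access rules see only the gateway's address, not the real LAN A client.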