Hi, Does IP Tunnel (IPIP) works on Provate Network. I read some howtos, most network which implement IP Tunnel (IPIP) are as below:- (LAN) Router A ----- Internet ------- Router B (LAN) (1) IP Tunnel is build up from Router A to Router B (2) Host behind Router A can communicate with host behind Router B Looking at this network, I have to configure 2 Routers, both uses different Gateway to Internet. The problem is, I have access to only one Router. :( Can I simulate IP Tunnel using the following Network? (LAN) Router A ----- Router C ------- Router B (LAN) (1) All routers ar on Private Network (2) Using 3 Routers, I can segment 3 networks (3) IP Tunnel is build from ROuter A to ROuter B Please advice. Let me know if I got Ip Tunnel (using IPIP) concept wrong. I tried on the second network diagram using "ip tunnel" and "ip route", but is not working. Thank you, Calvin
The problem is that each router on each end of a tunnel, respectively decapsulating the ip packets received from its tunnel peer end, so if you can configure only one router, there is no one to decapsulate the tunneling information received from router A. A good try for you should be trying a third router as you have mentioned, behind the router you don''t have access to Hi,=20 Does IP Tunnel (IPIP) works on Provate Network. I read some howtos, most network which implement IP Tunnel (IPIP) are as below:- (LAN) Router A ----- Internet ------- Router B (LAN)=20 (1) IP Tunnel is build up from Router A to Router B (2) Host behind Router A can communicate with host behind Router B Looking at this network, I have to configure 2 Routers, both uses different Gateway to Internet. The problem is, I have access to only one Router. :( Can I simulate IP Tunnel using the following Network? (LAN) Router A ----- Router C ------- Router B (LAN)=20 (1) All routers ar on Private Network (2) Using 3 Routers, I can segment 3 networks (3) IP Tunnel is build from ROuter A to ROuter B Please advice. Let me know if I got Ip Tunnel (using IPIP) concept wrong.=20 I tried on the second network diagram using "ip tunnel" and "ip route", but is not working. Thank you, Calvin -- Claudiu Pruna <claudiu@net-go.net> _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi, Hmmm, I will go on testing with Network Diagram B, hwre ethere is a presence of a third router. My first try on testing shows failure. I can see activity in Tx, but not Rx. Question: (1) If it is a Tunnel, is setting up proper route between those routers important? Sorry for late reply, was bz with some other stuffs. WIll get back wif any new findings :) Thank you Calvin ----- Original Message ----- From: "Claudiu Pruna" <claudiu@net-go.net> To: <cal_kaiwen@hotmail.com> Cc: <lartc@mailman.ds9a.nl> Sent: Tuesday, February 10, 2004 3:00 PM Subject: [LARTC] Testing IP Tunnel (IPIP) on Private Network> The problem is that each router on each end of a tunnel, respectively > decapsulating the ip packets received from its tunnel peer end, so if > you can configure only one router, there is no one to decapsulate the > tunneling information received from router A. A good try for you should > be trying a third router as you have mentioned, behind the router you > don''t have access to > > Hi,=20 > > Does IP Tunnel (IPIP) works on Provate Network. > > I read some howtos, most network which implement IP Tunnel (IPIP) are as > below:- > > (LAN) Router A ----- Internet ------- Router B (LAN)=20 > > (1) IP Tunnel is build up from Router A to Router B > (2) Host behind Router A can communicate with host behind Router B > > Looking at this network, I have to configure 2 Routers, both uses > different Gateway to Internet. > The problem is, I have access to only one Router. :( > > > > Can I simulate IP Tunnel using the following Network? > > (LAN) Router A ----- Router C ------- Router B (LAN)=20 > > (1) All routers ar on Private Network > (2) Using 3 Routers, I can segment 3 networks > (3) IP Tunnel is build from ROuter A to ROuter B > > Please advice. Let me know if I got Ip Tunnel (using IPIP) concept > wrong.=20 > I tried on the second network diagram using "ip tunnel" and "ip route", > but is not working. > > Thank you, > Calvin > -- > Claudiu Pruna <claudiu@net-go.net> > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi, Now I get my chance to look at this approach again. I took a look at your diagram, I have got questions:- (1) For Router A, eth0 is xxx.yyy.zzz.ttt, eth1 192.168.1.1/24. So, which interface holds the IP of 192.168.3.1/30? Same ad Router B... (2) For Router B, eth0 is bbb.ccc.ddd.eee, eth1 192.168.2.1/24. So, which interface holds the IP of 192.168.3.2/30? Please advice. Thank you. Calvin ----- Original Message ----- From: "Claudiu Pruna" <claudiu@net-go.net> To: "kaiwen" <cal_kaiwen@hotmail.com> Sent: Monday, February 16, 2004 4:52 PM Subject: Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network> The point is that I am not sure that tunneling will cross nat, if the > middle router is doing nat for your lan, if it does, than I suggest > using other kind of tunneling, like openvpn which you can find at > http://openvpn.sf.net. What I want to say is that best for you is to > have both ends of the tunnel on routers with routable ip''s. So let''s > consider this: > > > 192.168.1.1/24 xxx.yyy.zzz.ttt bbb.ccc.ddd.eee > eth1 eth1 > +-----+ +----------+ eth0 eth0+----------+ +-----+ > | Lan1|<->| Router A | <========================> | Router B |<->|LAN 2| > +-----+ +----------+ INTERNET +----------+ +-----+ > 192.168.2.1/24 > ^ ^ > | IPIP Tunnel | > +=======================================+ > 192.168.3.1/30 192.168.3.2/30 > > > On router A: > ip tunnel add mylan local xxx.yyy.zzz.ttt remote bbb.ccc.ddd.eee ttl 255 > ip address add mylan 192.168.3.1 peer 192.168.3.2 dev mylan > ip link set mylan up > ip route add 192.168.2.0/24 via 192.168.3.2 > > > On router B: > ip tunnel add mylan local bbb.ccc.ddd.eee remote xxx.yyy.zzz.ttt ttl 255 > ip address add mylan 192.168.3.2 peer 192.168.3.1 dev mylan > ip link set mylan up > ip route add 192.168.1.0/24 via 192.168.3.1 > > > > The ideea is that the new crated interfaces (tunnel ends) have their ip > address which are used as gateways to reach the other end LAN > > > > If you don''t have root access on Router B, than the solution left is > another router (Router C) between Router B and LAN 2. And here you have > two cases: > > 1) If Router C will have routable ip address, than, everithing is as > above, but you do all the mess on Router C instead of Router B. > > 2) If Router C is behind NAT, than you shure do have to check on openvpn > or some other kind of tunneling that works on sockets and which pass > through nat, and considering you use openvpn, on router A use the > "--float" option and don''t specify an remote address. > > > That''s about it. > > Bye > > > On Fri, 2004-02-13 at 12:27, kaiwen wrote: > > Hi, > > > > Hmmm, I will go on testing with Network Diagram B, hwre ethere is apresence> > of a third router. > > My first try on testing shows failure. I can see activity in Tx, but notRx.> > > > Question: > > (1) If it is a Tunnel, is setting up proper route between those routers > > important? > > > > Sorry for late reply, was bz with some other stuffs. WIll get back wifany> > new findings :) > > > > Thank you > > Calvin > > > > ----- Original Message ----- > > From: "Claudiu Pruna" <claudiu@net-go.net> > > To: <cal_kaiwen@hotmail.com> > > Cc: <lartc@mailman.ds9a.nl> > > Sent: Tuesday, February 10, 2004 3:00 PM > > Subject: [LARTC] Testing IP Tunnel (IPIP) on Private Network > > > > > > > The problem is that each router on each end of a tunnel, respectively > > > decapsulating the ip packets received from its tunnel peer end, so if > > > you can configure only one router, there is no one to decapsulate the > > > tunneling information received from router A. A good try for youshould> > > be trying a third router as you have mentioned, behind the router you > > > don''t have access to > > > > > > Hi,=20 > > > > > > Does IP Tunnel (IPIP) works on Provate Network. > > > > > > I read some howtos, most network which implement IP Tunnel (IPIP) areas > > > below:-> > > > > > (LAN) Router A ----- Internet ------- Router B (LAN)=20 > > > > > > (1) IP Tunnel is build up from Router A to Router B > > > (2) Host behind Router A can communicate with host behind Router B > > > > > > Looking at this network, I have to configure 2 Routers, both uses > > > different Gateway to Internet. > > > The problem is, I have access to only one Router. :( > > > > > > > > > > > > Can I simulate IP Tunnel using the following Network? > > > > > > (LAN) Router A ----- Router C ------- Router B (LAN)=20 > > > > > > (1) All routers ar on Private Network > > > (2) Using 3 Routers, I can segment 3 networks > > > (3) IP Tunnel is build from ROuter A to ROuter B > > > > > > Please advice. Let me know if I got Ip Tunnel (using IPIP) concept > > > wrong.=20 > > > I tried on the second network diagram using "ip tunnel" and "iproute", > > > but is not working.> > > > > > Thank you, > > > Calvin > > > -- > > > Claudiu Pruna <claudiu@net-go.net> > > > > > > > -- > Claudiu Pruna > GPS Birotic SRL > Network Administrator > mail: claudiu.pruna@gpsnet.ro > web: http://www.gpsnet.ro > tel: +40.21.231.59.79 > fax: +40.21.231.59.78 > mobil: +40.0723.63.89.89 > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi, Thank you for the reply :) Yes, now I understand what are 192.168.3.1/30 and 192.168.3.2/30 for. Unfortunately, when I apply on the testbed, I did not get the result I wanted. Must be something wrong with my configuration. I did it using 3 Routers, as I have no control over another Router (tunnel ends) on Internet. Network Diagram: LAN A -- (192.168.8.88/24) Router A (192.168.250.197) -- (192.168.250.195) Router C (192.168.11.188) -- (192.168.11.1) Router B (192.168.2.1) -- LAN B Configuration: On Router A: Default Gateway 192.168.250.195 ip tunnel add tunl1 mode ipip local 192.168.250.197 remote 192.168.11.1 ttl 255 ip address add 192.168.3.1 peer 192.168.3.2 dev tunl1 ip link set tunl1 up ip route add 192.168.2.0/24 via 192.168.3.2 On Router A: Default Gateway 192.168.11.188 ip tunnel add tunl1 mode ipip local 192.168.11.1 remote 192.168.250.197 ttl 255 ip address add 192.168.3.2 peer 192.168.3.1 dev tunl1 ip link set tunl1 up ip route add 192.168.8.0/24 via 192.168.3.1 On Router C: Default Gateway A 192.168.11.1 Default Gateway B 192.168.250.197 Result: Ping from Router A to 192.168.2.1 failed. I can see Bytes transfered in TX mode, but nothing in RX, which is quite true since my ping fails. Please advice. Best regards, Calvin ----- Original Message ----- From: "Claudiu Pruna" <claudiu@net-go.net> To: "kaiwen" <cal_kaiwen@hotmail.com> Sent: Thursday, February 26, 2004 5:09 PM Subject: Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network> Hi, > > the tunnel interface holds those addresses, you must think at the tunnel > as of one new network interface on each router. > > kaiwen wrote: > > Hi, > > > > Now I get my chance to look at this approach again. > > > > I took a look at your diagram, I have got questions:- > > > > (1) For Router A, eth0 is xxx.yyy.zzz.ttt, eth1 192.168.1.1/24. > > So, which interface holds the IP of 192.168.3.1/30? > > > > Same ad Router B... > > > > (2) For Router B, eth0 is bbb.ccc.ddd.eee, eth1 192.168.2.1/24. > > So, which interface holds the IP of 192.168.3.2/30? > > > > Please advice. > > > > Thank you. > > Calvin > > > > ----- Original Message ----- > > From: "Claudiu Pruna" <claudiu@net-go.net> > > To: "kaiwen" <cal_kaiwen@hotmail.com> > > Sent: Monday, February 16, 2004 4:52 PM > > Subject: Re: [LARTC] Testing IP Tunnel (IPIP) on Private Network > > > > > > > >>The point is that I am not sure that tunneling will cross nat, if the > >>middle router is doing nat for your lan, if it does, than I suggest > >>using other kind of tunneling, like openvpn which you can find at > >>http://openvpn.sf.net. What I want to say is that best for you is to > >>have both ends of the tunnel on routers with routable ip''s. So let''s > >>consider this: > >> > >> > >> 192.168.1.1/24 xxx.yyy.zzz.ttt bbb.ccc.ddd.eee > >> eth1 eth1 > >>+-----+ +----------+ eth0 eth0+----------+ +-----+ > >>| Lan1|<->| Router A | <========================> | Router B |<->|LAN 2| > >>+-----+ +----------+ INTERNET +----------+ +-----+ > >> 192.168.2.1/24 > >> ^ ^ > >> | IPIP Tunnel | > >> +=======================================+ > >> 192.168.3.1/30 192.168.3.2/30 > >> > >> > >>On router A: > >>ip tunnel add mylan local xxx.yyy.zzz.ttt remote bbb.ccc.ddd.eee ttl 255 > >>ip address add mylan 192.168.3.1 peer 192.168.3.2 dev mylan > >>ip link set mylan up > >>ip route add 192.168.2.0/24 via 192.168.3.2 > >> > >> > >>On router B: > >>ip tunnel add mylan local bbb.ccc.ddd.eee remote xxx.yyy.zzz.ttt ttl 255 > >>ip address add mylan 192.168.3.2 peer 192.168.3.1 dev mylan > >>ip link set mylan up > >>ip route add 192.168.1.0/24 via 192.168.3.1 > >> > >> > >> > >>The ideea is that the new crated interfaces (tunnel ends) have their ip > >>address which are used as gateways to reach the other end LAN > >> > >> > >> > >>If you don''t have root access on Router B, than the solution left is > >>another router (Router C) between Router B and LAN 2. And here you have > >>two cases: > >> > >>1) If Router C will have routable ip address, than, everithing is as > >>above, but you do all the mess on Router C instead of Router B. > >> > >>2) If Router C is behind NAT, than you shure do have to check on openvpn > >>or some other kind of tunneling that works on sockets and which pass > >>through nat, and considering you use openvpn, on router A use the > >>"--float" option and don''t specify an remote address. > >> > >> > >>That''s about it. > >> > >>Bye > >> > >> > >>On Fri, 2004-02-13 at 12:27, kaiwen wrote: > >> > >>>Hi, > >>> > >>>Hmmm, I will go on testing with Network Diagram B, hwre ethere is a > > > > presence > > > >>>of a third router. > >>>My first try on testing shows failure. I can see activity in Tx, butnot> > > > Rx. > > > >>>Question: > >>>(1) If it is a Tunnel, is setting up proper route between those routers > >>>important? > >>> > >>>Sorry for late reply, was bz with some other stuffs. WIll get back wif > > > > any > > > >>>new findings :) > >>> > >>>Thank you > >>>Calvin > >>> > >>>----- Original Message ----- > >>>From: "Claudiu Pruna" <claudiu@net-go.net> > >>>To: <cal_kaiwen@hotmail.com> > >>>Cc: <lartc@mailman.ds9a.nl> > >>>Sent: Tuesday, February 10, 2004 3:00 PM > >>>Subject: [LARTC] Testing IP Tunnel (IPIP) on Private Network > >>> > >>> > >>> > >>>>The problem is that each router on each end of a tunnel, respectively > >>>>decapsulating the ip packets received from its tunnel peer end, so if > >>>>you can configure only one router, there is no one to decapsulate the > >>>>tunneling information received from router A. A good try for you > > > > should > > > >>>>be trying a third router as you have mentioned, behind the router you > >>>>don''t have access to > >>>> > >>>>Hi,=20 > >>>> > >>>>Does IP Tunnel (IPIP) works on Provate Network. > >>>> > >>>>I read some howtos, most network which implement IP Tunnel (IPIP) are > > > > as > > > >>>>below:- > >>>> > >>>>(LAN) Router A ----- Internet ------- Router B (LAN)=20 > >>>> > >>>>(1) IP Tunnel is build up from Router A to Router B > >>>>(2) Host behind Router A can communicate with host behind Router B > >>>> > >>>>Looking at this network, I have to configure 2 Routers, both uses > >>>>different Gateway to Internet. > >>>>The problem is, I have access to only one Router. :( > >>>> > >>>> > >>>> > >>>>Can I simulate IP Tunnel using the following Network? > >>>> > >>>>(LAN) Router A ----- Router C ------- Router B (LAN)=20 > >>>> > >>>>(1) All routers ar on Private Network > >>>>(2) Using 3 Routers, I can segment 3 networks > >>>>(3) IP Tunnel is build from ROuter A to ROuter B > >>>> > >>>>Please advice. Let me know if I got Ip Tunnel (using IPIP) concept > >>>>wrong.=20 > >>>>I tried on the second network diagram using "ip tunnel" and "ip > > > > route", > > > >>>>but is not working. > >>>> > >>>>Thank you, > >>>>Calvin > >>>>-- > >>>>Claudiu Pruna <claudiu@net-go.net> > >>>> > >>>> > >>-- > >>Claudiu Pruna > >>GPS Birotic SRL > >>Network Administrator > >>mail: claudiu.pruna@gpsnet.ro > >>web: http://www.gpsnet.ro > >>tel: +40.21.231.59.79 > >>fax: +40.21.231.59.78 > >>mobil: +40.0723.63.89.89 > >> > >> > > -- > Claudiu Pruna > mail: claudiu@net-go.net > web: http://www.net-go.net > tel: +40.723.63.89.89 > fax: +40.723.63.89.89 > mobil: +40.723.63.89.89 >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/