Hi all,
This is probably not the right place for this question, but maybe
someone can help me out. I am trying to set up a VPN between two private
addresses, using iproute2 (which is my only excuse for mailing this list).
The setup is as below :
      eth0             ppp0         Wireless        ppp0            eth0
192.168.200.202   192.168.94.134    <----->    192.168.94.132   192.168.2.200
Both eth0 (strictly ixp1) and ppp0's are on wireless boards that we
make.
I have basically followed the VPN Howto and done the following :
ip tunnel add net0 mode gre remote 192.168.2.200 local 192.168.200.202 ttl 255 dev ppp0
ip link set net0 up
ip addr add 192.168.200.202 dev net0
ip route add 192.168.2.0/24 dev net0
I have tried various combinations of the above, using the ppp IP address
for remote and the eth0 for local, etc, etc. (4 possible combinations).
I do the reverse on the other end of the tunnel, but do not see any
traffic over this lot. I am able to ping and ssh between the two
wireless boxes.
I do have a firewall, configured to do NAT on the PPP interface. I have
also tried excluding the destination addresses from being NAT'd but this
didn't make any difference.
Any suggestions would be greatly appreciated.
Best regards
Steve Comfort
On Tuesday 2005-October-11 07:40, Steve Comfort wrote:
> The setup is as below :
Your ASCII diagram was not clear.
> I have basically followed the VPN Howto and done the following :
Are you talking about the old one from TLDP?
> Any suggestions would be greatly appreciated.
Perhaps not much help, but I use http://openvpn.org/
--
mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
you could use openvpn
--
*Dariusz 'tdi' Dwornikowski | Gentoo | admin at pozman.pl |
*[JID]:tdi@gentoo.pl|[gg]:2266034|[IRC]:#gentoo-pl@freenode |
*[MAIL]:tdi@pozman.pl|[WWW]:www.tdi.pozman.pl |
*Serwery,administracja,webapps - www.ProAdmin.com.pl |
*Fingerprint:43E21CC46DAFD2F754E91547D59B39F56AAA4B5F |
On Tue, 11 Oct 2005 14:40:10 +0200
Steve Comfort <steve@4dllc.com> wrote:
Hi,
I can't understand your diagram either. :-(
Let's suppose you have 2 hosts, host A and host B, each has an outer
("public") and an inner ("local") interface. The outer interfaces have the
IP addresses Apub and Bpub respectively, and the inner networks have the
address spaces Aloc and Bloc, respectively. Also we make use of another
pair of IP addresses, for the tunnel interfaces (10.10.10.1 and
10.10.10.2).
Then the right commands would be:
host A:
ip tunnel add net0 mode gre remote <Bpub> local <Apub>
ip address add 10.10.10.1/32 dev net0
ip link set net0 up
ip route add <Bloc> dev net0
host B:
ip tunnel add net0 mode gre remote <Apub> local <Bpub>
ip address add 10.10.10.2/32 dev net0
ip link set net0 up
ip route add <Aloc> dev net0
If the tunnel works, you can ping 10.10.10.2 from host A (and 10.10.10.1
from host B), if the routing works also, you can ping the other inner
network from each host.
> I do have a firewall, configured to do NAT on the PPP interface. I have
> also tried excluding the destination addresses from being NAT'd but this
> didn't make any difference.
Just a quick question: you do not filter out GRE (IP protocol 47) on the
firewall? (NATing GRE is a bad idea as well - it does not work AFAIK.)
And don't forget that the GRE tunnel transmits all the traffic
unencrypted, so only use it on a trusted network. (Not even on that.:-)
norbi
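
The two points in the reply above (GRE is IP protocol 47, and it carries traffic unencrypted) can be seen by building and decapsulating one GRE frame. This is an added example, not code from the thread: the addresses are taken from Steve's post, using the ppp0 addresses as tunnel endpoints is an assumption, and the UDP ports and payload are constructed.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number of GRE in the outer IPv4 header
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 payload
SECRET = b"login=steve password=constructed"  # constructed sample payload


def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header plus payload (checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    return {"proto": pkt[9], "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20]), "payload": pkt[ihl:total]}


def sample_frame():
    """What host A would put on ppp0 for one UDP datagram (constructed)."""
    udp = struct.pack("!HHHH", 40000, 514, 8 + len(SECRET), 0) + SECRET
    inner = ipv4("192.168.200.202", "192.168.2.200", 17, udp)
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no checksum/key/sequence
    return ipv4("192.168.94.134", "192.168.94.132", GRE_PROTO, gre + inner)


def gre_decapsulate(frame):
    """Return (outer, inner) headers exactly as any on-path device sees them."""
    outer = parse_ipv4(frame)
    if outer["proto"] != GRE_PROTO:
        raise ValueError("outer packet is not GRE (IP protocol 47)")
    flags, ptype = struct.unpack("!HH", outer["payload"][:4])
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("GRE payload is not IPv4")
    # Optional 4-byte fields: checksum (C), key (K), sequence number (S).
    skip = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    return outer, parse_ipv4(outer["payload"][skip:])


if __name__ == "__main__":
    outer, inner = gre_decapsulate(sample_frame())
    print("outer:", outer["src"], "->", outer["dst"], "proto", outer["proto"])
    print("inner:", inner["src"], "->", inner["dst"], inner["payload"][8:])
```

The outer header carries protocol 47 and no port numbers, so a firewall has to permit it by protocol number, and the inner addresses and payload are readable without any key.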