kind of VPN using ip_masquerading

kind of VPN using ip_masquerading

Post by roo » Wed, 16 May 2001 07:17:10



Hi,

I subscribed to a provider which allows me to have a static IP address with ADSL.

I would like to make a "sort of VPN" using IP Masq capabilities.

Explaining:

My Linux gateway (connected to the internet with IP aaa.bbb.ccc.ddd) masks my subnetwork (192.168.1.*). A friend of mine also has a Linux gateway (vvv.www.xxx.yyy) masking his subnetwork (192.168.2.*).

The purpose is to reach one of my LAN stations (e.g. 192.168.1.2) from one of his LAN stations (e.g. 192.168.2.3),

so "ping 192.168.1.2" from his station would be OK.

I tried to set the default gateway to "aaa.bbb.ccc.ddd" (my gateway's IP) on HIS gw (vvv.www.xxx.yyy).
A script on my gateway (loaded every 5 min by crond) takes his dynamic IP and resets the ipchains rules to accept packets coming from his actual IP address. No problems in my very basic ipchains rules.

But.... no way... I also tried to do this job with someone connected under Windows 9x, by typing "route ADD etc..." on it: it returns an error (like "bad gateway" or something like that).
I'm sure it would work perfectly on a LAN (I've still done it), but it looks like it's impossible over the internet.

Is there a solution ?

Thanks a lot.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Article posted via Voila News - http://www.news.voila.fr
On: Tue May 15 00:17:10 2001 from IP: proxy-n0.nerim.net [VIP 3185888]

 
 
 

kind of VPN using ip_masquerading

Post by Tauno Voipi » Wed, 16 May 2001 15:53:43



> Hi,

> I subscribed to a provider which allows me to have a static IP address with ADSL.

> I would like to make a "sort of VPN" using IP Masq capabilities.

> Explaining:

> My Linux gateway (connected to the internet with IP aaa.bbb.ccc.ddd) masks my subnetwork (192.168.1.*). A friend of mine also has a Linux gateway (vvv.www.xxx.yyy) masking his subnetwork (192.168.2.*).

> The purpose is to reach one of my LAN stations (e.g. 192.168.1.2) from one of his LAN stations (e.g. 192.168.2.3),

> so "ping 192.168.1.2" from his station would be OK.

> I tried to set the default gateway to "aaa.bbb.ccc.ddd" (my gateway's IP) on HIS gw (vvv.www.xxx.yyy).
> A script on my gateway (loaded every 5 min by crond) takes his dynamic IP and resets the ipchains rules to accept packets coming from his actual IP address. No problems in my very basic ipchains rules.

> But.... no way... I also tried to do this job with someone connected under Windows 9x, by typing "route ADD etc..." on it: it returns an error (like "bad gateway" or something like that).
> I'm sure it would work perfectly on a LAN (I've still done it), but it looks like it's impossible over the internet.

> Is there a solution ?

Try CIPE (www.inka.de/~bigred/devel/cipe.html).

Tauno Voipio
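
The reason a tunnel is needed, shown as an added example that is not part of either post: a route's next hop has to sit on a directly connected network, so a remote public IP cannot be used as the gateway for 192.168.1.0/24, while the far end of a point-to-point tunnel can. This is a simplified routing model; the addresses 203.0.113.10, 198.51.100.7 and the 10.9.0.0/30 tunnel link are constructed placeholders.

```python
import ipaddress

def on_link(gateway, interfaces):
    """Return the interface whose connected subnet contains gateway, else None."""
    gw = ipaddress.ip_address(gateway)
    for name, cidr in interfaces.items():
        if gw in ipaddress.ip_interface(cidr).network:
            return name
    return None

def add_route(table, interfaces, dest, gateway):
    """Accept a route only if its next hop is on a directly connected network."""
    dev = on_link(gateway, interfaces)
    if dev is None:
        raise ValueError(f"gateway {gateway} is not on a connected network")
    table.append((ipaddress.ip_network(dest), gateway, dev))

def lookup(table, interfaces, target):
    """Longest-prefix match over connected networks plus added routes."""
    ip = ipaddress.ip_address(target)
    routes = [(ipaddress.ip_interface(c).network, None, n)
              for n, c in interfaces.items()] + table
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

# Constructed addresses: 203.0.113.10 stands in for aaa.bbb.ccc.ddd,
# 198.51.100.7 for the friend's gateway's current public address.
MY_GW_PUBLIC = "203.0.113.10"
FRIEND_IFACES = {"eth0": "192.168.2.1/24", "eth1": "198.51.100.7/24"}

def direct_attempt():
    """Route 192.168.1.0/24 straight at the remote public IP: rejected."""
    table = []
    try:
        add_route(table, FRIEND_IFACES, "192.168.1.0/24", MY_GW_PUBLIC)
    except ValueError as exc:
        return str(exc)
    return "accepted"

def tunnel_attempt():
    """Same route via the far end of a point-to-point tunnel: accepted."""
    ifaces = dict(FRIEND_IFACES, tun0="10.9.0.2/30")  # hypothetical tunnel link
    table = []
    add_route(table, ifaces, "192.168.1.0/24", "10.9.0.1")
    return lookup(table, ifaces, "192.168.1.2")

if __name__ == "__main__":
    print(direct_attempt())
    print(tunnel_attempt())
```

With the tunnel interface in place, packets for 192.168.1.2 leave encapsulated between the two public addresses, so the private destination never has to be routed by the ISP.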


 
 
 

1. Network to Network IPSec VPN using RHEL/CentOS: separate VPN Router and LAN Gateway

Hi there,

I followed the RHEL documentation at
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
and was able to deploy network to network IPSec VPN between two
private networks, as long as I set the IPSec Routers to be the same as
the LAN gateways.

But according to the documentation, it is possible to have the IPSec
routers different from the LAN gateways. The image shown in the above
cited page shows it. Also, it is even more clearly depicted in older
documentation at http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-...
especially with this image:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-...

However, if I choose to have the Gateway different from the routers,
then in the /etc/sysconfig/network-scripts/ifcfg-ipsec1 file, I need
to specify the gateway IP address for SRCGW, which is different from
the IP address of the IPSec router itself.
Then I am not able to run the "ifup ipsec1" command and get the error
of "RTNETLINK answers: Invalid argument".

I googled around and people seemed to suggest that the SRCGW needs to
be the local intranet IP for the IPSec Router itself. But is this true if
this router is different from the LAN gateway? Most likely, before the
VPN is set up, there is already a LAN gateway for each private network
which is functioning as a NAT and firewall. When VPN is introduced, we
may want to leave the gateway alone and not change the gateway
setup for any of the LAN hosts at all. As long as the LAN gateway is
able to forward VPN request to the IPSec Router, this should also
work, right?

But how do I get around the "RTNETLINK answers: Invalid argument"
problem?
Thank you very much.

Shi
