IP: tunneling problem

IP: tunneling problem

Post by Jaakko Toivane » Fri, 19 Oct 2001 00:36:19



192.168.1/24(A)  --->  adsl(a)  ---> internet <---- adsl(b) <----
192.168.0/24(B)

I'd like the A to be able to access B using IPIP Encapsulation (
http://www.linuxdoc.org/HOWTO/Net-HOWTO/x1276.html )

My problem is that route doesn't work:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
10.120.26.200   *               255.255.255.248 U     0      0        0 eth1
192.168.1.0       *               255.255.255.0     U     0      0        0
eth0
default               adsl            0.0.0.0               UG    0      0
0 eth1

ok I try to do the same thing as shown in the HOWTO, but this is what I get

myrouter:/~# ifconfig tunl0 192.168.1.1 up   (works fine)
myrouter:/~# route add -net 192.168.0.0 netmask 255.255.255.0 gw $adsl(b)
tunl0
SIOCADDRT: Network is unreachable  (darn)

how can I make adsl(b) to be reachable by adsl(a)
In the example they use ppp0 to access the internet, but
I use adsl as my gw to access the internet and adsl(b)..   I don't see any
difference but sth isn't right.  I'd like to know the solution or is this
even possible.

 
 
 

IP: tunneling problem

Post by Steve Cowle » Fri, 19 Oct 2001 06:01:12



Quote:> 192.168.1/24(A)  --->  adsl(a)  ---> internet <---- adsl(b) <----
> 192.168.0/24(B)

> I'd like the A to be able to access B using IPIP Encapsulation (
> http://www.linuxdoc.org/HOWTO/Net-HOWTO/x1276.html )

> My problem is that route doesn't work:

> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> 10.120.26.200   *               255.255.255.248 U     0      0        0
eth1
> 192.168.1.0       *               255.255.255.0     U     0      0
0
> eth0
> default               adsl            0.0.0.0               UG    0      0
> 0 eth1

> ok I try to do the same thing as shown in the HOWTO, but this is what I
get

> myrouter:/~# ifconfig tunl0 192.168.1.1 up   (works fine)
> myrouter:/~# route add -net 192.168.0.0 netmask 255.255.255.0 gw $adsl(b)
> tunl0
> SIOCADDRT: Network is unreachable  (darn)

Hmmm.... I read this howto. Although I have never tried this example, I use
a slightly different syntax to create an ipip encaps tunnel.  Requires
iproute2.

Given the following:

Network A
adsl_a_public_ip=1.2.3.4 (eth0)
adsl_a_private_ip=192.168.0.1 (eth1)

Network B
adsl_b_public_ip=5.6.7.8 (eth0)
adsl_a_private_ip=192.168.1.1 (eth1)

From network A endpoint -> network B:

modprobe ipip
ip tunnel add networkb mode ipip remote 5.6.7.8
ip addr add 192.168.0.1 peer 192.168.1.1 dev networkb
ip link set dev networkb up
ip route add 192.168.1.0/24 via 5.6.7.8 dev networkb onlink

From network B endpoint -> network A:

modprobe ipip
ip tunnel add networka mode ipip remote 1.2.3.4
ip addr add 192.168.1.1 peer 192.168.0.1 dev networka
ip link set dev networka up
ip route add 192.168.0.0/24 via 1.2.3.4 dev networka onlink

Now, if you are able to ping the peers ip address from each end, then you
will need to deal with ipchain or iptable rules to permit these two networks
to talk to each other.

Good Luck
Steve Cowles

 
 
 

IP: tunneling problem

Post by Jaakko Toivane » Fri, 19 Oct 2001 18:48:04


Yea, this might work.  Thanks.
Quote:

> Hmmm.... I read this howto. Although I have never tried this example, I
use
> a slightly different syntax to create an ipip encaps tunnel.  Requires
> iproute2.

> Given the following:

> Network A
> adsl_a_public_ip=1.2.3.4 (eth0)
> adsl_a_private_ip=192.168.0.1 (eth1)

> Network B
> adsl_b_public_ip=5.6.7.8 (eth0)
> adsl_a_private_ip=192.168.1.1 (eth1)

> From network A endpoint -> network B:

> modprobe ipip
> ip tunnel add networkb mode ipip remote 5.6.7.8
> ip addr add 192.168.0.1 peer 192.168.1.1 dev networkb
> ip link set dev networkb up
> ip route add 192.168.1.0/24 via 5.6.7.8 dev networkb onlink

> From network B endpoint -> network A:

> modprobe ipip
> ip tunnel add networka mode ipip remote 1.2.3.4
> ip addr add 192.168.1.1 peer 192.168.0.1 dev networka
> ip link set dev networka up
> ip route add 192.168.0.0/24 via 1.2.3.4 dev networka onlink

> Now, if you are able to ping the peers ip address from each end, then you
> will need to deal with ipchain or iptable rules to permit these two
networks
> to talk to each other.

> Good Luck
> Steve Cowles