[NCLUG] cipe "virtual identity"

Kevin Fenzi kevin at scrye.com
Thu May 8 22:15:14 MDT 2003


>>>>> "listz" == listz  <listz at hate.cx> writes:

listz> but what about if the firewall and gateway are separated by the
listz> internet.

It doesn't matter. CIPE needs a connection of some kind to tunnel
over, but anything will do. PPP, slip, wireless, ethernet, etc... 

listz> let's assume 192.168.0.10 is a real address. does the
listz> tunnel have its own addresses inside the tunnel? like a real

Yes, you tell cipe:

On the client:

peer is example.com
my ipaddress is 192.168.1.2
point to point ip is 192.168.1.1

On the server:

peer is anyone
my ipaddress is 192.168.1.1
point to point ip is 192.168.1.2

So, when the client brings up its cipe interface it connects to
example.com (a real ip on the server) and then the cipe tunnel has
192.168.1.1 on the server side, and 192.168.1.2 on the client side.

listz> address of 216.17.172.1 on eth0 of the laptop, and the firewall
listz> has an address of 192.168.0.11 (again, assuming its routable).
listz> maybe i'm being confusing, and maybe i just need to play around
listz> with it some.

You can then route anything you like over that cipe tunnel...
i.e., (on the client)

route add -net 10.1.1.0/24 gw 192.168.1.1

then all traffic to 10.1.1.0/24 net will go over the cipe tunnel to
the server and then (if the server knows how to get to 10.1.1.0/24) to
the network in question. 

listz> i guess let me explain a bit more what i want to do. there is
listz> an internal server that is only accessible from known ip
listz> addresses (via local iptables rules, tcp-wrappers, etc.). when
listz> i'm on travel i could be using any ip address, but if i need to
listz> connect back to the internal server i need the connection to
listz> appear as if it were coming from some known ip address. i
listz> figured a vpn would be able to accomplish this task. can cipe
listz> do this or even frees/wan?

Yes.
In the above case you just need to allow connections from 192.168.1.2 to
your machine and it will be fine.

kevin
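
The allow rule described above, written so that 192.168.1.2 is trusted only when it arrives on the CIPE interface; this is an added example, not part of the original message. The device name cipcb0, TCP port 22, and the protected service running on the CIPE server itself (INPUT chain) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message). Prints iptables rules that
# accept the CIPE client's tunnel address only on the tunnel interface.
# Review the printed commands, then run them as root on the server.
TUN_IF="${TUN_IF:-cipcb0}"            # assumed CIPE device name
TUN_PEER="${TUN_PEER:-192.168.1.2}"   # client's tunnel address from the thread
SVC_PORT="${SVC_PORT:-22}"            # assumed service port

# Succeed only for a dotted quad with four fields in 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in ????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
}

# tunnel_acl_rules IFACE PEER PORT: emit the rules, most specific first.
tunnel_acl_rules() {
    valid_ipv4 "$2" || { echo "bad tunnel address: $2" >&2; return 1; }
    case $1 in ''|*[!A-Za-z0-9_]*) echo "bad interface: $1" >&2; return 1 ;; esac
    case $3 in ''|*[!0-9]*) echo "bad port: $3" >&2; return 1 ;; esac
    # 1. The tunnel address seen on any other interface is spoofed: drop it.
    printf 'iptables -A INPUT ! -i %s -s %s -j DROP\n' "$1" "$2"
    # 2. The same address arriving through the tunnel may reach the service.
    printf 'iptables -A INPUT -i %s -s %s -p tcp --dport %s -j ACCEPT\n' "$1" "$2" "$3"
    # 3. Everyone else is refused on that port.
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$3"
}

tunnel_acl_rules "$TUN_IF" "$TUN_PEER" "$SVC_PORT"
```

Rule order matters: the drop for the tunnel address on non-tunnel interfaces has to come before the accept, otherwise a host on another network that forges 192.168.1.2 as its source would match a plain source-address allow.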