[Beds] Broadcast packets over VPN

Jonathan Dye jonathan.dye at automationpartnership.com
Tue Mar 18 10:34:00 2003


Neil Darlow wrote:
> Hi Jon,
> 
> On Tuesday 18 Mar 2003 08:38, Jonathan Dye wrote:
>> I've managed to set up a VPN between myself and a friend using
>> IPSec.  We both have /24 subnets in the 10.0.0.0 network, he has a
>> gateway with a static IP and mine is dynamic.  When I dial up my
>> computer initiates a connection to his (always on) gateway. 
>> Everything works fine in that we can connect between machines in our
>> networks across the VPN. 
> 
> So your subnet is 10.0.0.X with a broadcast address of 10.0.0.255 and
> your network interface has been configured for this broadcast address?

Not quite.  My network is (e.g.) 10.1.2.0/24 and his is 10.3.4.0/24.  All
the machines on our networks have netmasks of 255.255.255.0.  I guess
changing the netmasks to 255.0.0.0 would make the broadcasts be
10.255.255.255 which might work I suppose but then surely the netmasks are
wrong.  The gateways will still have to have the netmasks as 255.255.255.0
to route between the networks correctly so therefore the gateways and the
client PCs will have different netmasks for the same network.

>> The problem I have is that it doesn't appear that broadcast packets
>> get routed across the link (and I wasn't expecting them to cross
>> routers).  But this is a problem because we want to allow CUPS and
>> SMB across the link and both programs use broadcasts to announce
>> their presence.  I know we can set up CUPS to use a specific address
>> and we can set up Samba to use a WINS server but I'd really like to
>> get it to work without doing those things. Does anyone know of a way
>> to get this to work or should I give up and use the previously
>> mentioned methods? 
> 
> I don't see a problem with configuring CUPS or Samba to use a
> specific IP or network address range. This is exactly what I do.

It's a problem if I configure Samba to use a WINS server on the other side
as each time I want to look up a machine name it'll have to connect to my
friend's network.  If I set up the WINS on my side then he has the same
problem.  Or am I missing something here and the servers can replicate
between themselves and therefore we can have one on each side?

JD
