[Beds] Broadcast packets over VPN

Jonathan Dye jonathan.dye at automationpartnership.com
Tue Mar 18 11:01:00 2003


Neil Darlow wrote:
> On Tuesday 18 Mar 2003 10:38, Jonathan Dye wrote:
>> Not quite.  My network is (e.g.) 10.1.2.0/24 and his is 10.3.4.0/24.
>> All the machines on our networks have netmasks of 255.255.255.0.  I
>> guess changing the netmasks to 255.0.0.0 would make the broadcasts be
>> 10.255.255.255 which might work I suppose but then surely the
>> netmasks are wrong.  The gateways will still have to have the
>> netmasks as 255.255.255.0 to route between the networks correctly so
>> therefore the gateways and the client PCs will have different
>> netmasks for the same network. 
> 
> Can't you agree to use the same subnet? You are after all attempting
> to create a VPN. It makes sense for it to be a single homogeneous
> subnet. This would provide you with a single broadcast address and
> allow for easy configuration of Samba's networking etc.

In which case how do I configure the gateways to route the packets to the
correct interfaces?

My gateway has eth0 10.1.2.0/24 and ipsec0 10.3.4.0/24 while my friend has
eth0 10.3.4.0/24 and ipsec0 10.1.2.0/24.  If we decide to have the network
10.1.0.0/16 then if I configure my gateway it'll be:
eth0 10.1.0.0/16 and ipsec0 10.1.0.0/16.  Surely this won't work, as the
machine won't be able to decide which interface to send packets for (e.g.)
10.1.0.23 to?

I'll have another look through the FreeSWAN stuff to see if I can do what
you suggest.  It does make sense to be able to do it but I haven't yet found
out how.

>> It's a problem if I configure Samba to use a WINS server on the
>> other side as each time I want to look up a machine name it'll have
>> to connect to my friend's network.  If I set up the WINS on my side
>> then he has the same problem.  Or am I missing something here and
>> the servers can replicate between themselves and therefore we can
>> have one on each side. 
> 
> Any resolution mechanism, and Samba can use DNS too, requires a
> working resolver of some sort. You could resort to using a
> hosts/LMHOSTS file to resolve some of the machines either his
> services, for when you are disconnected, or for your local machines.
> Part-time networks inevitably cause these types of problems.

Yes, DNS is going to be another problem but we don't care about that for
now, it's a future task, or a never task!

I have just been informed of the remote announce and remote browse sync
features in Samba though which look like they will do what I want.

JD
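
Added example (not part of the original message, and not FreeS/WAN or Samba code): a small Python model of the two points raised above, namely the broadcast address each netmask yields and what a routing lookup returns when both interfaces carry the same prefix. The host addresses and the lookup helper are constructed for illustration; it models longest-prefix match only, not any particular kernel's tie-breaking.

```python
import ipaddress


def broadcast(host, netmask):
    """Directed broadcast a host derives from its own address and netmask."""
    iface = ipaddress.ip_interface(f"{host}/{netmask}")
    return str(iface.network.broadcast_address)


def lookup(routes, dst):
    """Longest-prefix match; returns every interface tied for the best prefix."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return []
    best = max(net.prefixlen for net, _ in matches)
    return sorted(dev for net, dev in matches if net.prefixlen == best)


# Gateway as described in the message: one /24 behind each interface.
SPLIT = [("10.1.2.0/24", "eth0"), ("10.3.4.0/24", "ipsec0")]
# The single-subnet idea from the message: the same /16 on both interfaces.
MERGED = [("10.1.0.0/16", "eth0"), ("10.1.0.0/16", "ipsec0")]

if __name__ == "__main__":
    # Constructed host addresses, one on each side of the tunnel.
    for host in ("10.1.2.5", "10.3.4.5"):
        print(host,
              "mask /24 ->", broadcast(host, "255.255.255.0"),
              "| mask /8 ->", broadcast(host, "255.0.0.0"))
    # With separate /24s each destination maps to exactly one interface.
    print("split  10.3.4.7  ->", lookup(SPLIT, "10.3.4.7"))
    # With the same /16 on both interfaces the match is not unique.
    print("merged 10.1.0.23 ->", lookup(MERGED, "10.1.0.23"))
```
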
