[Beds] Broadcast packets over VPN

David Pashley david at parguild.co.uk
Tue Mar 18 17:13:00 2003


Jonathan Dye said, and I quote:
> Neil Darlow wrote:
> > On Tuesday 18 Mar 2003 10:38, Jonathan Dye wrote:
> >> Not quite.  My network is (e.g.) 10.1.2.0/24 and his is 10.3.4.0/24.
> >> All the machines on our networks have netmasks of 255.255.255.0.  I
> >> guess changing the netmasks to 255.0.0.0 would make the broadcasts be
> >> 10.255.255.255 which might work I suppose but then surely the
> >> netmasks are wrong.  The gateways will still have to have the
> >> netmasks as 255.255.255.0 to route between the networks correctly so
> >> therefore the gateways and the client PCs will have different
> >> netmasks for the same network.
> >
> > Can't you agree to use the same subnet? You are after-all attempting
> > to create a VPN. It makes sense for it to be a single homogeneous
> > subnet. This would provide you with a single broadcast address and
> > allow for easy configuration of Samba's networking etc.
>
> In which case how do I configure the gateways to route the packets to the
> correct interfaces?

Weird proxy arp stuff and bridging? I wouldn't bother.
>
> My gateway has eth0 10.1.2.0/24 and ipsec0 10.3.4.0/24 while my friend has
> eth0 10.3.4.0/24 and ipsec0 10.1.2.0/24.  If we decide to have the network
> 10.1.0.0/16 then if I configure my gateway it'll be:
> eth0 10.1.0.0/16 and ipsec0 10.1.0.0/16 surely this won't work as the
> machine won't be able to decide which interfaces to send packets to (e.g.)
> 10.1.0.23 to?
>
> I'll have another look through the FreeSWAN stuff to see if I can do what
> you suggest.  It does make sense to be able to do it but I haven't yet found
> out how.
>
> >> It's a problem if I configure Samba to use a WINS server on the
> >> other side as each time I want to look up a machine name it'll have
> >> to connect to my friend's network.  If I set up the WINS on my side
> >> then he has the same problem.  Or am I missing something here and
> >> the servers can replicate between themselves and therefore we can
> >> have one on each side.
> >
> > Any resolution mechanism, and Samba can use DNS too, requires a
> > working resolver of some sort. You could resort to using a
> > hosts/LMHOSTS file to resolve some of the machines, either his
> > services, for when you are disconnected, or for your local machines.
> > Part-time networks inevitably cause these types of problems.
>
> Yes, DNS is going to be another problem but we don't care about that for
> now, it's a future task, or a never task!

Run a DNS server at each end, each server is primary for their end and
the other end is secondary. That way you can configure your own part and
the other end will get a copy of the information too.
>
> I have just been informed of the remote announce and remote browse sync
> features in samba though which look like they will do what I want.
>
> JD

-- 
David Pashley
david@davidpashley.com
Nihil curo de ista tua stulta superstitione.
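An added example of the split primary/secondary DNS arrangement David recommends above; it is not from the original post or from any of the participants. It assumes BIND 9 running on each gateway, that the 10.1.2.0/24 gateway is 10.1.2.1 and the 10.3.4.0/24 gateway is 10.3.4.1, the zone names lan-a.example and lan-b.example, and a TSIG key named xfer-key; all of those are assumptions. It also adds one control the thread does not mention: zone transfers are refused by default and allowed only to the peer, and only when the request is signed with the shared key, so the tunnel peer is the only host that can pull a copy of your name list.

```conf
// /etc/bind/named.conf on the 10.1.2.0/24 gateway (assumed to be 10.1.2.1).
// Zone names, addresses and the key name are assumptions for illustration.

key "xfer-key" {
    algorithm hmac-md5;
    // Generate with: dnssec-keygen -a HMAC-MD5 -b 128 -n HOST xfer-key
    // and paste the same base64 secret into the far end's named.conf.
    secret "REPLACE-WITH-GENERATED-BASE64-SECRET";
};

// Sign everything we send to the peer gateway (notifies, transfer requests).
server 10.3.4.1 {
    keys { "xfer-key"; };
};

options {
    directory "/var/cache/bind";
    // Listen on the LAN address and loopback only, never on the public interface.
    listen-on { 10.1.2.1; 127.0.0.1; };
    // Answer queries from both ends of the VPN and nobody else.
    allow-query { 10.1.2.0/24; 10.3.4.0/24; 127.0.0.1; };
    // Recursion (off to the Internet) only for the local LAN.
    allow-recursion { 10.1.2.0/24; 127.0.0.1; };
    // Global default: no zone transfers; the master zones below re-enable it for the peer.
    allow-transfer { none; };
    notify yes;
};

// Our own zones: primary here, secondary at the far end.
zone "lan-a.example" {
    type master;
    file "master/lan-a.example.zone";
    allow-transfer { key "xfer-key"; };   // only TSIG-signed requests, i.e. the peer
    also-notify { 10.3.4.1; };
};

zone "2.1.10.in-addr.arpa" {
    type master;
    file "master/2.1.10.in-addr.arpa.zone";
    allow-transfer { key "xfer-key"; };
    also-notify { 10.3.4.1; };
};

// The far end's zones: secondary copies pulled over the tunnel.
zone "lan-b.example" {
    type slave;
    file "slave/lan-b.example.zone";
    masters { 10.3.4.1; };
};

zone "4.3.10.in-addr.arpa" {
    type slave;
    file "slave/4.3.10.in-addr.arpa.zone";
    masters { 10.3.4.1; };
};
```

The 10.3.4.1 gateway carries the mirror image: the same key block, a server statement for 10.1.2.1, lan-b.example and 4.3.10.in-addr.arpa as master, lan-a.example and 2.1.10.in-addr.arpa as slave with masters { 10.1.2.1; }. Because each end serves the other's zone from its own copy, lookups keep working while the tunnel is down; set the SOA expire value in each zone file longer than the longest outage you expect, otherwise the secondary will stop answering for that zone once it expires. After editing, reload with rndc reload and confirm the copy arrived with dig @10.1.2.1 lan-b.example soa.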

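An added example, not from the original thread, of the remote announce and remote browse sync arrangement Jonathan mentions, written as the [global] fragment of /etc/samba/smb.conf for the 10.1.2.0/24 side. It assumes a workgroup named HOMENET, that the far side's Samba local master browser and WINS server are both at 10.3.4.1, and the interface names eth0 and ipsec0 from the thread; all of those are assumptions.

```conf
; /etc/samba/smb.conf on the 10.1.2.0/24 side (assumed workgroup HOMENET).
[global]
    workgroup = HOMENET

    ; The gateway also has a public interface: bind nmbd/smbd to the LAN
    ; and the tunnel only, and refuse everything that is not one of the two LANs.
    interfaces = eth0 ipsec0
    bind interfaces only = yes
    hosts allow = 10.1.2.0/24 10.3.4.0/24 127.0.0.1

    ; Each side keeps its own local master browser; the two then exchange lists.
    local master = yes
    preferred master = yes
    os level = 65

    ; Unicast our host announcements and browse list to the far side's master
    ; browser (assumed 10.3.4.1). A plain broadcast never crosses the tunnel, and a
    ; Linux gateway will not normally forward a directed broadcast such as
    ; 10.3.4.255 onto its LAN, so use the master browser's real address.
    remote announce = 10.3.4.1/HOMENET
    remote browse sync = 10.3.4.1

    ; Single WINS server for the whole VPN, assumed to live on the far side.
    ; Every WINS lookup from this side crosses the tunnel (the concern raised in
    ; the thread), so resolve local names from lmhosts and DNS first and only
    ; then ask WINS, falling back to broadcast for this LAN alone.
    wins support = no
    wins server = 10.3.4.1
    name resolve order = lmhosts host wins bcast
```

The far side uses the same fragment with the addresses swapped (remote announce = 10.1.2.x/HOMENET and remote browse sync = 10.1.2.x pointing at this side's master browser) and, if it hosts WINS, wins support = yes with no wins server line. remote browse sync only works between Samba servers, which is fine here since both gateways run it; Windows master browsers ignore it.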