[SWLUG] CIPE VPN two LANs problem
Robert McQueen
robot101 at debian.org
Fri Jan 10 16:20:56 UTC 2003
On Fri, Jan 10, 2003 at 11:13:05AM +0000, David Elir Evans wrote:
> I am experimenting with connecting two LANs with private ip addresses
> over the internet using cipe.
> LAN A 192.168.0.0/24
> LAN B 192.168.1.0/24
>snip<
> Do I have my routing set up OK ?
Looks correct.
> Am I right in believing that my cipe configuration is OK ?
Probably so. However I must warn you that CIPE is evil (almost entirely
kernel-based, needlessly), mostly unmaintained and possibly insecure
(remotely crashable with malformed packets). For a more modern
Linux-specific VPN solution, check out OpenVPN
(http://openvpn.sourceforge.net/), which is userspace and communicates
through a TAP/TUN device to present the 'lan on the other end' to the
kernel.
Although you could also consider using IPsec for this, for warm fuzzy
standards-compliance. Also because a kernel-side thing will probably be
faster. The 'usual' implementation, FreeS/WAN, is overly invasive to the
kernel, and pretty overcomplex. The not-so-well-known one, which I've
heard great things about, is the one that was merged into the kernel 2.5
series, from the USAGI group. See:
ftp://ftp.linux-ipv6.org/pub/usagi/patch/ipsec/
> Is it my iptables firewall that is causing the problem ?
That's a distinct possibility. What rules do you have set up?
> Regards
>
> David Evans
Regards,
Rob