[SWLUG] CIPE VPN two LANs problem

Robert McQueen robot101 at debian.org
Fri Jan 10 16:20:56 UTC 2003


On Fri, Jan 10, 2003 at 11:13:05AM +0000, David Elir Evans wrote:
> I am experimenting with connecting two LANs with private IP addresses
> over the internet using cipe.
> LAN A 192.168.0.0/24
> LAN B 192.168.1.0/24
>snip<
> Do I have my routing set up OK ?

Looks correct.

> Am I right in believing that my cipe configuration is OK ?

Probably so. However I must warn you that CIPE is evil (almost entirely 
kernel-based, needlessly), mostly unmaintained and possibly insecure
(remotely crashable with malformed packets). For a more modern
Linux-specific VPN solution, check out OpenVPN 
(http://openvpn.sourceforge.net/), which is userspace and communicates
through a TAP/TUN device to present the 'lan on the other end' to the
kernel.

Although you could also consider using IPsec for this, for warm fuzzy
standards-compliance. Also because a kernel-side thing will probably be 
faster. The 'usual' implementation, FreeS/WAN, is overly invasive to the
kernel, and pretty overcomplex. The not-so-well-known one, which I've
heard great things about, is the one that was merged into the kernel 2.5
series, from the USAGI group. See:
 ftp://ftp.linux-ipv6.org/pub/usagi/patch/ipsec/

> Is it my iptables firewall that is causing the problem ?

That's a distinct possibility. What rules do you have set up?

> Regards
> 
> David Evans

Regards,
Rob




