On 21/03/11 09:43, Baruch Siach wrote:
> Hi Shachar,
>
> On Mon, Mar 21, 2011 at 04:51:43AM +0200, Shachar Shemesh wrote:
>> I think so.
>>
>> Instead of me trying to explain it to you, why don't you just try to
>> draw the network topology you think will solve the problem. I
>> believe that will give you the answer you are seeking.
>
> A VPN client may do one-to-one NAT of one (or more) remote hosts, and map
> these hosts to a netmask that does not interfere with local host's routing
> table.  I'm not sure whether there is such a VPN client, but it is still a
> theoretical solution to this problem.
>
> baruch


We have a remote network 10.0.0.0/22, which are actually four /24 networks, but I'm digressing.

Our computer has the IP address of 10.17.17.17/8 with a default route set to 10.0.0.1. This is our problem.

Your proposed solution: the VPN client performs a NAT that translates 10.0.0.0/22 to 172.16.0.0/22 so that there is no conflict.

My question - what happens if the local network I'm on is not just the local network, but a slightly more complex setup? Furthermore, what happens if the more complex setup means that I need, as part of my LOCAL work, to access the peer network (routable via 10.0.0.1) that is also 172.16.0.0/22? Your new routing table hides it.

Granted, local address translation solves 90% of the problem, but not 100% of it. Instead, I'll suggest that choosing (for the office space) 10.42.32.0/22 as the address resolves the problem to a much larger percentage of the cases, with no address translation needed. The chances that this particular block will be used by the hotel are minuscule, and this route, being /22, takes precedence over the /8 route used by the hotel.

Shachar


--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com


_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
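The three routing situations argued over in this thread, worked through in a small longest-prefix-match model. This is an added example, not code from either poster or from any VPN client; the interface names "lan" and "tun0", the hotel gateway at 10.0.0.1 from the message above, and the tie rule (a route installed later wins over an equal-length one, modelling a VPN client that adds its routes after the LAN is up) are assumptions made for the illustration. It shows why the /22 office route beats the hotel's /8 in every case, why that is a problem when the office is 10.0.0.0/22 (the hotel gateway itself disappears into the tunnel), why the 172.16.0.0/22 NAT idea still collides with a local peer network on that prefix, and why 10.42.32.0/22 needs no translation.

```python
from ipaddress import ip_address, ip_network


class RoutingTable:
    """Minimal longest-prefix-match forwarding table (constructed for this example)."""

    def __init__(self):
        self.routes = []  # list of (network, dev, via)

    def add(self, prefix, dev, via=None):
        self.routes.append((ip_network(prefix), dev, via))
        return self

    def lookup(self, addr):
        """Most specific route covering addr, as (prefix, dev, via); None if unroutable.
        Equal prefix lengths go to the route installed last (assumption: the VPN
        client adds its routes after the LAN is configured)."""
        a = ip_address(addr)
        best = None
        for net, dev, via in self.routes:
            if a in net and (best is None or net.prefixlen >= best[0].prefixlen):
                best = (net, dev, via)
        return best

    def dev_for(self, addr):
        """Interface a packet to addr leaves on, or None."""
        r = self.lookup(addr)
        return r[1] if r else None


def hotel_table():
    """The laptop's table as described in the thread: 10.17.17.17/8 on the hotel LAN,
    default gateway 10.0.0.1."""
    t = RoutingTable()
    t.add("10.0.0.0/8", "lan")                  # connected network handed out by the hotel
    t.add("0.0.0.0/0", "lan", via="10.0.0.1")   # default route via the hotel gateway
    return t


def with_vpn_route(prefix):
    """Hotel table plus one VPN route for the office prefix over the tunnel."""
    return hotel_table().add(prefix, "tun0")


def overlap_case():
    """Office is 10.0.0.0/22: the /22 beats the /8, so every hotel host in that block,
    the default gateway's own address included, now resolves to the tunnel."""
    t = with_vpn_route("10.0.0.0/22")
    return {
        "office_host": t.dev_for("10.0.1.5"),          # tun0, as intended
        "gateway": t.dev_for("10.0.0.1"),              # tun0: the hotel gateway is hidden
        "other_hotel_host": t.dev_for("10.17.17.200"), # lan: outside the /22
    }


def nat_case():
    """The NAT idea: the client maps the office onto 172.16.0.0/22. If the hotel also has
    a peer network 172.16.0.0/22 reachable via 10.0.0.1, the two /22 routes collide and
    the VPN route, installed last, hides the local one."""
    t = hotel_table().add("172.16.0.0/22", "lan", via="10.0.0.1")  # local peer network
    t.add("172.16.0.0/22", "tun0")                                 # translated office prefix
    return t.dev_for("172.16.1.9")  # tun0: the local peer host is no longer reachable


def disjoint_case():
    """Office uses 10.42.32.0/22: the /22 still wins over the hotel's /8 for office hosts,
    while the gateway and the rest of 10/8 stay on the LAN, with no translation."""
    t = with_vpn_route("10.42.32.0/22")
    return {
        "office_host": t.dev_for("10.42.33.7"),        # tun0
        "gateway": t.dev_for("10.0.0.1"),              # lan
        "other_hotel_host": t.dev_for("10.17.17.200"), # lan
    }


if __name__ == "__main__":
    print("overlapping office prefix:", overlap_case())
    print("NAT prefix colliding with local peer net:", nat_case())
    print("disjoint office prefix:", disjoint_case())
```

The model deliberately ignores metrics and the kernel's refusal to install exact duplicate routes; the point it makes is the one in the thread: prefix length, not address translation, decides which route a packet takes, so picking an office block that is unlikely to appear on the local side avoids the conflict altogether.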
