Hey Cool, Thank you very much! Just read over your post, and found it very useful!!! Saved me from re-asking the same question.
Have a good one!

--Jon

On Tue, 2001-11-13 at 03:49, Thierry ITTY wrote:
> > I am thinking about setting up what I would consider a simple VPN. I have
> > two IP'masqed RedHat 7.2 boxes at two locations. I want to make the
> > machines behind them look like they are on the same network. Is there a
> > relatively easy and secure way of doing this? Seems fairly simple, but most
> > documentation that I have come across seems complex. Any good suggestions?
>
> I'd suggest CIPE
>
> I think people see VPNs as a complex thing because they just don't know the
> way it works
> in the case of CIPE (other systems too, I guess), you just get a new
> network interface on each computer, and the two interfaces are in the same
> ip subnet. think of it in the same manner as ppp provides a ppp0 interface
> and a link over a telephony network, no matter how complex this sub layer
> is : cipe provides a cipb0 interface and a link over an ip sub-layer (the
> internet, actually).
> a basic configuration would be :
> private network 1 <-> lanbox 1 <-> internet <-> internet <-> internet <->
> lanbox 2 <-> private network 2
>
> adding a VPN between lanbox 1 and lanbox 2 just "hides" the internet sub
> layer and shrinks the configuration to :
> private network 1 <-> lanbox 1 <-> lanbox 2 <-> private network 2
>
> now, suppose your private network 1 has IP subnet #1, private network 2 IP
> subnet #2, and the VPN adds an IP subnet #3 between the lanboxes. then the
> routing configuration is obvious : set a static route to subnet #2 on
> lanbox 1 via lanbox 2's cipb0 ip address (ie lanbox 2's ip address in
> subnet #3) and conversely a static route to subnet #1 on lanbox2 via lanbox
> 1's cipb0 ip address. of course I guess that private network 1 machines
> have already a default route that points to lanbox 1 and conversely for
> private network 2 machines.
>
> now, you have a total control over routes and you can make private subnets
> communicate easily and securely.
>
> of course, lanbox 1 and lanbox 2 can be configured to NAT outgoing packets
> which do not concern private to private traffic.
>
> so to make it short, consider a vpn as a new point-to-point link. isn't it
> finally easy ?
> - * - * - * - * - * - * -
> If we each have an object and we exchange them,
> we each still have one object.
> If we each have an idea and we exchange them,
> we then each have two ideas.
>
> Thierry ITTY
> eMail : [EMAIL PROTECTED] FRANCE
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
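
The routing described in the quoted message, as an added example that is not part of the original thread: a small Python model of the four machines, tracing a packet hop by hop with longest-prefix-match routing. The addresses (192.168.1.0/24, 192.168.2.0/24 and 10.9.9.0/30 standing in for subnets #1, #2 and #3) and all function names are assumptions; it also shows that without the two static routes, private-to-private traffic follows the default route to the Internet instead of the VPN link.

```python
import ipaddress as ipa

# Constructed addressing; the post gives no real subnets.
NET1 = ipa.ip_network("192.168.1.0/24")  # subnet #1, behind lanbox 1
NET2 = ipa.ip_network("192.168.2.0/24")  # subnet #2, behind lanbox 2
NET3 = ipa.ip_network("10.9.9.0/30")     # subnet #3, the VPN link
DEFAULT = ipa.ip_network("0.0.0.0/0")

def build_nodes(with_static_routes=True):
    """Return {name: (addresses, routes)}; a route is (network, next_hop).
    next_hop None means directly connected, "internet" means the ISP uplink."""
    lan1 = [(NET1, None), (NET3, None), (DEFAULT, "internet")]
    lan2 = [(NET2, None), (NET3, None), (DEFAULT, "internet")]
    if with_static_routes:
        lan1.append((NET2, "10.9.9.2"))  # subnet #2 via lanbox 2's VPN address
        lan2.append((NET1, "10.9.9.1"))  # subnet #1 via lanbox 1's VPN address
    return {
        "host1": (["192.168.1.10"], [(NET1, None), (DEFAULT, "192.168.1.1")]),
        "lanbox1": (["192.168.1.1", "10.9.9.1"], lan1),
        "lanbox2": (["192.168.2.1", "10.9.9.2"], lan2),
        "host2": (["192.168.2.20"], [(NET2, None), (DEFAULT, "192.168.2.1")]),
    }

def owner(nodes, addr):
    """Name of the node that holds addr, or None."""
    return next((n for n, (addrs, _) in nodes.items() if addr in addrs), None)

def trace(nodes, src, dst, max_hops=8):
    """Follow longest-prefix-match routing from node src to address dst."""
    path, here, target = [src], src, ipa.ip_address(dst)
    for _ in range(max_hops):
        if dst in nodes[here][0]:
            return path  # dst is one of this node's own addresses
        matches = [r for r in nodes[here][1] if target in r[0]]
        _net, hop = max(matches, key=lambda r: r[0].prefixlen)
        if hop == "internet":
            return path + ["internet"]  # leaves via the uplink (NAT applies)
        here = owner(nodes, hop if hop else dst)
        if here is None:
            return path + ["unreachable"]
        path.append(here)
    return path + ["loop"]

if __name__ == "__main__":
    print(trace(build_nodes(), "host1", "192.168.2.20"))
    print(trace(build_nodes(with_static_routes=False), "host1", "192.168.2.20"))
```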