Hi,

I managed to dig an encrypted tunnel between 2 LEAF boxes (through a PPPoE ADSL connection). Each box is giving internet access to a small LAN (a few Windows machines).

As far as TCP/IP is concerned, everything is in place (routing, reconnection if one gets another dynamic external address).
I can use VNC to take control of one machine in the other LAN.
I can map network drives using the \\Ip.ad.dr.ess\share
Name resolution (DNS and NetBIOS) isn't working yet.
Network browsing ("My network places" in W2K) isn't working yet, and I found very little info on how to make it work (each subnet has its own Windows domain/workgroup).

I based my work on the CIPED-1.LRP (http://leaf.sourceforge.net link on the home page) (thanks Sandro), but I had to recompile the module (I use a Dachstein normal IDE kernel).

I had a permission problem. Moving every cipe file into /cipe instead of /etc/cipe and setting chmod 6|700 on everything solved the problem.

I'm still working on the name resolution/network browsing.

Regards
Etienne Charlier

----- Original Message -----
From: "Greg Morgan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "DPG" <[EMAIL PROTECTED]>
Sent: Friday, October 26, 2001 7:55 AM
Subject: Re: [Leaf-user] CIPE/VPN for Windows Networking

> "DPG" wrote:
> >
> > Can anyone point me to resources for this? Is this feasible?
> >
> Yes. I have collected three books that I found informative:
> O'Reilly's "Virtual Private Networks"
> McGraw Hill's "Unix Secure Shell"
> O'Reilly's "Building Internet Firewalls"
> lrp.c0wz.com has links to CIPE. You may want to visit the mirror at
> http://c0wz.steinkuehler.net/
> http://sites.inka.de/~bigred/devel/cipe.html
> http://www.linuxdoc.org/HOWTO/mini/Cipe+Masq.html
>
> I found this link helpful. It talks about VNC but it provides a picture
> of what you would be doing with cipe. CIPE provides a tunnel from one LAN
> to another. http://www.uk.research.att.com/vnc/sshvnc.html
>
> > I am trying to develop a secure VPN between two small Windows-based LANs,
>
> There are some ideas here in the cipe faq
> http://sites.inka.de/~bigred/devel/cipe-faq.html. If you are on a
> budget you can use a samba server for the WINS server. (See
> http://www.samba.org.)
>
> > such that for all intents and purposes, the users can't tell the difference
> > between resources that are truly local vs. those that are on the remote
> > network. The scenario involves two small real estate offices using 1.1 Mb
> > SDSL, with the intent of sharing files and printers between the two sites.
> >
> > Does anyone know of such an implementation existing now? Are there any
> > specific How-tos for this?
> >
> > Any pointers appreciated.
> >
> First pointer: you are advertising a service that can be attacked.
> Encryption helps minimize attacks and keep private data scrambled
> from packet sniffers. Some of the Real Estate data may have people's
> sensitive personal information flowing over the public network segment
> of the VPN. There are people out there that want to play with you. There
> are people that want to destroy your business. Just be aware of this.
>
> CIPE evolved from secure shell. That is why I provided the secure shell
> links and books. I found the information helpful, but you will not need
> all of it for implementation. Secure shell was used to run other
> protocols over the secure shell protocol producing the same result you
> desire. However, there are some problems doing this. CIPE was
> developed to still use secure protocols but solve some of the problems of
> executing one protocol over another protocol. (See
> http://sites.inka.de/~bigred/devel/tcp-tcp.html.)
>
> Here's a picture of what you want to do.
>
>             +-------+       +-------+
>             | leaf  |       | leaf  |
> win net ----| fwall |--VPN--| fwall |---- win net
>             |   +   |       |   +   |
>             | CIPE  |       | CIPE  |
>             +-------+       +-------+
>
> Any VPN technology implies that you have a firewall securing each LAN on
> either side of the VPN. You would put a CIPE package on each LEAF/LRP
> firewall. Then follow the how-to and other links above to configure. I
> have not done this yet, but here's all the conceptual information.
>
> I hope this helps,
> Greg
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
