On Tuesday 29 July 2003 04:53 pm, Alex Rhomberg wrote:
> > It's fairly straightforward. Let's say you've got a machine on the
> > internet with nothing between you and the 'net. You're running with a
> > public IP (I'm gonna use a private, so just pretend) of 172.16.8.1 on
> > your machine, and you're connected to a VPN. Routing is also turned on
> > on this particular machine.
>
> I still don't get it: Let's say I have the setup you described, with
> 192.168.1.0/24 being my VPN. You're sitting on the other side of the
> Internet, say 10 hops away. How can you send a packet to 192.168.1.1? Is
> there a standard tunneling method that is always activated? The 10 hops on
> the way would all drop a packet sent to 192.168.1.1.
>
> Wouldn't the cryptic commands you described only work on my next hop, i.e.
> the ISP's router? This would reduce the number of people who can get at my
> VPN quite significantly (ISP admins instead of "whole Internet")

The private addressing sent via the tunnel is encapsulated and encrypted
under the public IP address of the VPN gateway. Nothing outside of the VPN
gateways (i.e., the internet) would have any idea that any private
addressing is attached to these packets.

To further the earlier question of using both VPN and internet access at
the same time... you can't run a VPN w/o internet access, can you? :)

In all cases, the proper routing is needed for *any* VPN to work properly.
Improper routing is the security risk that would be commonly found, though
FreeS/WAN makes this setup extremely simple (built-in).

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
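
Added example, not part of the original message or of FreeS/WAN: a simplified tunnel-mode encapsulation showing that a transit hop reading the IP header sees only the gateways' public addresses, while the 192.168.x.x packet travels as opaque payload. Assumptions: the peer gateway 203.0.113.10, the host 192.168.2.5, the SPI and the key are constructed, and the cipher is a labelled stand-in for ESP's real encryption.

```python
import hashlib
import struct
from ipaddress import IPv4Address

ESP = 50  # IP protocol number for ESP

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def toy_cipher(key, data):
    """Stand-in for ESP's real cipher (NOT secure): XOR with a SHA-256 keystream."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, gw_src, gw_dst, spi, seq, key):
    """Tunnel mode, simplified: no padding, trailer or integrity check value."""
    esp = struct.pack("!II", spi, seq) + toy_cipher(key, inner)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def router_view(packet):
    """What any hop that only reads the IP header learns: (src, dst, protocol)."""
    proto, src, dst = struct.unpack("!9xB2x4s4s", packet[:20])
    return str(IPv4Address(src)), str(IPv4Address(dst)), proto

def decapsulate(packet, key):
    """The peer gateway strips the outer IP and ESP headers, then decrypts."""
    return toy_cipher(key, packet[28:])

# Constructed sample values: 172.16.8.1 is the thread's pretend-public gateway;
# 203.0.113.10 and 192.168.2.5 are made up for the far side of the tunnel.
KEY = b"constructed-demo-key"
INNER = ipv4_header("192.168.2.5", "192.168.1.1", 1, 4) + b"ping"
OUTER = encapsulate(INNER, "203.0.113.10", "172.16.8.1", 0x1000, 1, KEY)

if __name__ == "__main__":
    print("transit hop sees:      ", router_view(OUTER))
    print("after gateway decrypts:", router_view(decapsulate(OUTER, KEY)))
```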