Re: [LARTC] vpn control
linux-linux using ip tunnels -

    modprobe ip_gre

eg

    ip tunnel add china mode gre remote xxx.xxx.xxx.xxx local \
        xxx.xxx.xxx.xxx ttl 255
    ip link set china up
    ip addr add 192.168.1.11 dev china
    ip route add 192.168.5.0/24 dev china

ps - any hackers - don't bother - the firewalls will only accept connections from specific ip addresses

On Mon, 2004-01-05 at 16:24, Damion de Soto wrote:
> Hi Rick,
>
> > can i now put rules in for the tunnels to control traffic within each
> > tunnel (that's where our video conferencing etc runs)?
> What type of VPNs are you using? IPSec ?
> You can put htb rules on ipsecX interfaces and they will work.
> the pppX interfaces for pptp and l2tp VPNs should work just as well.
>
> > control the real interface (eth1 in our setup)? if not can i somehow see
> > the packets inside the vpn packets and then control them?
> With some clever kernel hackery, you probably could do this, I don't think it would
> be any fun at all though.
>
> regards,

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] vpn control
Rick Marshall wrote:
> linux-linux using ip tunnels -
>
>     modprobe ip_gre
>
>     ip tunnel add china mode gre remote xxx.xxx.xxx.xxx local \
>         xxx.xxx.xxx.xxx ttl 255
>     ip link set china up
>     ip addr add 192.168.1.11 dev china
>     ip route add 192.168.5.0/24 dev china

Hrrm, not 100% sure on GRE tunnels, but I can't see why they wouldn't.
You should be able to just create all your tc rules on the 'china' device.

--
Damion de Soto - Software Engineer    email: [EMAIL PROTECTED]
SnapGear - A CyberGuard Company       ph:  +61 7 3435 2809
Custom Embedded Solutions             fax: +61 7 3891 3630
and Security Appliances               web: http://www.snapgear.com
Free Embedded Linux Distro at http://www.snapgear.org
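
Added example, not part of the message above or of the list's own material: one way to lay out HTB rules on the 'china' tunnel device. The function name, the 1500/1000 kbit split and the host 192.168.5.20 are assumptions made for illustration; the function prints the tc commands for review instead of running them.

```shell
#!/bin/sh
# Emit HTB rules for one GRE tunnel device (added example).
#   $1 tunnel device (the thread's 'china')
#   $2 total rate for this tunnel in kbit (assumed share of the 2Mbit link)
#   $3 guaranteed rate for video conferencing in kbit (assumption)
#   $4 video conferencing host behind the tunnel (constructed address)
tunnel_htb_rules() {
    dev=$1 total=$2 video=$3 vc_host=$4
    # The output is meant for a root shell, so accept only a plain
    # interface name, integers and a dotted address.
    case $dev in
        ''|*[!A-Za-z0-9_.-]*) echo "bad device: $dev" >&2; return 1;;
    esac
    for n in "$total" "$video"; do
        case $n in
            ''|*[!0-9]*) echo "rates must be integers (kbit)" >&2; return 1;;
        esac
    done
    case $vc_host in
        ''|*[!0-9.]*) echo "bad host: $vc_host" >&2; return 1;;
    esac
    if [ "$video" -le 0 ] || [ "$video" -ge "$total" ]; then
        echo "video rate must be between 0 and the tunnel total" >&2
        return 1
    fi
    rest=$((total - video))
    # 1:1 caps the tunnel, 1:10 is video conferencing, 1:20 is everything
    # else (the default class). Both leaves may borrow up to the total.
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:1 htb rate ${total}kbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate ${video}kbit ceil ${total}kbit prio 0
tc class add dev $dev parent 1:1 classid 1:20 htb rate ${rest}kbit ceil ${total}kbit prio 1
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $vc_host/32 flowid 1:10
EOF
}

# Sample call with the assumed values.
tunnel_htb_rules china 1500 1000 192.168.5.20
```

Review the printed commands, then pipe them to `sh` as root on the tunnel endpoint.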
Re: [LARTC] vpn control
Hi Rick,

> can i now put rules in for the tunnels to control traffic within each
> tunnel (that's where our video conferencing etc runs)?
What type of VPNs are you using? IPSec ?
You can put htb rules on ipsecX interfaces and they will work.
the pppX interfaces for pptp and l2tp VPNs should work just as well.

> control the real interface (eth1 in our setup)? if not can i somehow see
> the packets inside the vpn packets and then control them?
With some clever kernel hackery, you probably could do this, I don't think it would
be any fun at all though.

regards,

--
Damion de Soto - Software Engineer    email: [EMAIL PROTECTED]
SnapGear - A CyberGuard Company       ph:  +61 7 3435 2809
Custom Embedded Solutions             fax: +61 7 3891 3630
and Security Appliances               web: http://www.snapgear.com
Free Embedded Linux Distro at http://www.snapgear.org
[LARTC] vpn control
we have an external 2Mbit dsl connection and running on it are several gre vpn tunnels

so far i've given priority to the vpn traffic (using htb)

can i now put rules in for the tunnels to control traffic within each tunnel (that's where our video conferencing etc runs)?

or can i only control the real interface (eth1 in our setup)? if not can i somehow see the packets inside the vpn packets and then control them?

thanks

rick