Mr A Tomlinson wrote:

Hi there,

Due to the incredible costs quoted by ISPs to provide a VPN solution I've
been trying to figure out the easiest and simplest way to create a VPN
tunnel between two networks where both endpoints are sitting behind NAT
devices. Each site has a single fixed IP address and a cheap adsl Ethernet
modem with NAT enabled.

I don't require encryption on the tunnel and I favour FC3/2 as the end point
OS. IPSec solutions built into the OS don't work over NAT, nor does openswan
and I can't follow the IPSec over UDP solutions offered. Haven't tried the
PPP over ssh option (from tldp) as it got a bad rap about reliability.

Windows 2000 R&Ras has a nice pptp vpn solution that is NAT friendly and easy
to set up, but I don't want to go there when I can use Linux instead for
obvious reasons.

So I came back to the iptunnel command (using mode ipip) and searched for
examples. One of the best examples I can find is at
http://www.seattlewireless.net/index.cgi/IpTunnel. I can't make it happen on
my network below. What I can't figure out is:
1) Will it work over NAT?
2) Does it require the endpoints to be in a DMZ (defined by NAT modem) or
just open up specific ports for forwarding? What ports?
3) Does it require net.ipv4.ip_forward = 1 in /etc/sysctl.conf?
4) Should the tunnel endpoints have their own IP addresses and form Network
C? Such as 10.3.0.0/24?
5) What are the correct ip addresses to use for the local and remote section
of the iptunnel command at each endpoint? The local eth0 and remote wan0 OR
the local wan0 and remote wan0?
6) Am I crazy for even attempting this?
7) Yes I have turned off the firewall when attempting this in my test
environment.

My Network

Network A 10.1.0.0
Typical ServerA/ClientA
eth0 10.1.0.31/16 gw 10.1.0.15
| |
eth1 10.1.0.15/16
FC3, Squid Proxy IPTables, VPN Router A (ipip)--|
eth0 10.0.0.15/24 gw 10.0.0.254 |
| |
| |
eth0 10.0.0.254/25 |
Ethernet ADSL Modem, NAT Enabled |
wan0 fixed IP from ISP a.b.c.d |
| |
| |
ISP |
| |
| |
Internet | Desired VPN tunnel
| | Network C ?
| |
ISP |
| |
| |
wan0 fixed IP from ISP e.f.g.h |
Ethernet ADSL Modem NAT Enabled |
eth0 192.168.0.1/24 |
| |
| |
eth0 192.168.0.254/24 gw 192.168.0.1 |
FC3, Squid Proxy, IPTables, VPN Router B (ipip)-|
eth1 192.168.1.254/24
| |
|
eth0 192.168.1.28/24 gw 192.168.1.254
Typical ServerB/Client B
Network B 192.168.1.0


I appreciate any help, but would prefer to have a smart slugger hand me the solution on a silver plate. Fingers crossed ;-)

Andre


Sorry for the question: do you need a non-encrypted solution for p2p? If yes, I have the solution. I tried it both ways, encrypted and non-encrypted, with OpenVPN. If this is what you want, do not hesitate to ask.


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
