[K12OSN] easy VPN?

Julius Szelagiewicz julius at turtle.com
Sat Apr 24 14:58:34 UTC 2004

On Fri, 23 Apr 2004, Les Mikesell wrote:

> On Fri, 2004-04-23 at 15:26, Julius Szelagiewicz wrote:
> > 	I can actually use light-weight k12 server for remote end and a
> > spare k12 server for hq end - cipe is obviously included. my problem with
> > cipe is the documentation. it is rather verbose in obvious places and very
> > sparse in non-obvious. The description of server end seems to translate
> > into "and the magic happens here". the docs for openvpn are a bit scary.
> > 	perhaps i just need to plug away at cipe. thanks, julius
> I've used it for years to back up and sometimes replace frame relay
> connections and it's one of those rare things that 'just works' once
> you get about 6 entries right.  I started using it before RedHat added
> the GUI so most of mine are hand-configured in the options file and
> a lot of the endpoints are SME boxes where you also have to tweak
> the firewall rules, but I do have a box at home where I used the
> GUI.  You basically pick two network addresses for the CIPE interface
> endpoints (they can be arbitrary but I always use the 2 usable addresses
> of a 4-host subnet just like it was a real WAN interface) and give it
> the remote (real) address and UDP port for the tunnel packets.  If
> you have trouble, I can look at the box at home and verify which address
> goes where.  You also have to set up routing the same way you would if
> it were a real WAN link.  It works best if you run it on a box that
> is also your default gateway to the internet but other ways can work
> if you add routes or run zebra (now quagga) with some routing protocol.
	i didn't even think of gui, doh! The cipe device appears as a
first selection under "add device". we'll see. first a bike ride and then
work. will report.
	one additional question: how silly would it be to have a single
piece of equipment serving as both k12 and cipe vpn device for a small
group of users? the network is T1 terminated by cisco 2170, natted with
passthrough from public to private addresses.
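
Added example (not part of the original message or of CIPE itself): a sketch of the "which address goes where" step described in the quoted reply. It takes the two usable addresses of a 4-address subnet as the tunnel endpoints and builds mirrored option sets for both ends. The option names follow CIPE's sample options file; the subnet, real addresses, port and key placeholder are constructed values, and the function names are hypothetical.

```python
import ipaddress

def cipe_pair(link_net, hq_real, remote_real, port=6789,
              key="<SHARED-KEY-PLACEHOLDER>"):
    """Build mirrored option sets for the two ends of one CIPE tunnel."""
    net = ipaddress.ip_network(link_net)
    if net.version != 4 or net.prefixlen != 30:
        raise ValueError("link network must be an IPv4 /30 (4-address subnet)")
    # A /30 has exactly two usable host addresses: one per tunnel end.
    hq_tun, remote_tun = (str(h) for h in net.hosts())
    for real in (hq_real, remote_real):
        # The real (carrier) addresses must not sit inside the tunnel subnet.
        if ipaddress.ip_address(real) in net:
            raise ValueError(f"{real} is inside the tunnel subnet {net}")
    if hq_real == remote_real:
        raise ValueError("the two ends need different real addresses")
    # ipaddr = own tunnel address, ptpaddr = the other end's tunnel address,
    # me = own real address:UDP port, peer = the other end's real address:port.
    hq = {"device": "cipcb0", "ipaddr": hq_tun, "ptpaddr": remote_tun,
          "me": f"{hq_real}:{port}", "peer": f"{remote_real}:{port}",
          "key": key}
    remote = {"device": "cipcb0", "ipaddr": remote_tun, "ptpaddr": hq_tun,
              "me": f"{remote_real}:{port}", "peer": f"{hq_real}:{port}",
              "key": key}
    return hq, remote

def is_mirrored(a, b):
    """True when each end's local values are the other end's remote values."""
    return (a["ipaddr"] == b["ptpaddr"] and a["ptpaddr"] == b["ipaddr"]
            and a["me"] == b["peer"] and a["peer"] == b["me"]
            and a["key"] == b["key"])

def render(options):
    """Format one end's options as 'name value' lines."""
    return "\n".join(f"{name:<8} {value}" for name, value in options.items())

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    hq, remote = cipe_pair("10.255.0.0/30", "192.0.2.10", "198.51.100.20")
    assert is_mirrored(hq, remote)
    print("# HQ end\n" + render(hq))
    print("\n# remote end\n" + render(remote))
```

Routes for the networks behind each end still have to be added separately, as the quoted reply notes.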

