[LARTC] Gre Tunneling Problem

Linux Advanced Routing and Traffic Control

I tried an experiment a couple months ago, lifted the commands right out of
the HOWTO and changed the IP addresses and it all worked just fine.  For a
bunch of unrelated reasons, I didn't get to put mine into long term
production, but I am confident that the HOWTO works.

Here's what's been bugging me - I didn't see anything about shared secrets
or passwords or anything like that.  How does the security work?  What's to
stop any Joe Blow from impersonating one of the IP Addresses in a Linux
PPTP-GRE tunnel?  Is there any encryption?

- Greg


----- Original Message -----
From: "glynn" <glynn@itextron.com>
To: "Joe Patterson" <jpatterson@asgardgroup.com>; "Christoph Simon"
<ciccio@kiosknet.com.br>
Cc: <lartc@mailman.ds9a.nl>
Sent: Sunday, January 06, 2002 10:04 PM
Subject: Re: [LARTC] Gre Tunneling Problem


> Hi Joe, I tried it and it won't work, same result, I could ping both but it
> won't result the internal ip addresses, it seems that it only resolves the in
> the interfaces but it won't allow to forward. can you figure out again pls.
> Thanks.
>
> Glynn
>
>
> ----- Original Message -----
> From: "Joe Patterson" <jpatterson@asgardgroup.com>
> To: "glynn" <glynn@itextron.com>; "Christoph Simon" <ciccio@kiosknet.com.br>
> Cc: <lartc@mailman.ds9a.nl>
> Sent: Tuesday, January 08, 2002 9:01 AM
> Subject: RE: [LARTC] Gre Tunneling Problem
>
>
> > I would suggest using a different network for the gre tunnel, like:
> >
> > Linux A
> > ip tunnel add netb mode gre remote 205.198.x.1 local 203.189.x.1 ttl 255
> > ip link set netb up
> > ip addr add 192.168.3.1/30 dev netb
> > ip route add 192.168.2.0/24 dev netb via 192.168.3.2
> >
> > Linux B
> > ip tunnel add neta mode gre remote 203.189.x.1 local 205.198.x.1 ttl 255
> > ip link set neta up
> > ip addr add 192.168.3.2/30 dev neta
> > ip route add 192.168.1.0/24 dev neta via 192.168.3.1
> >
> > Otherwise, it's just weird.  Not that that's bad, it just sometimes
> > doesn't work...
> >
> > -Joe
> >
> >
> > > -----Original Message-----
> > > From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]
> > > On Behalf Of glynn
> > > Sent: Sunday, January 06, 2002 7:59 PM
> > > To: Christoph Simon
> > > Cc: lartc@mailman.ds9a.nl
> > > Subject: Re: [LARTC] Gre Tunneling Problem
> > >
> > >
> > > Hello Christoph, actually I haven't done with netfilter rules and i don't
> > > have any restrictions applied for the linux, it's a normal configuration,
> > > I also enable the forwarding under the /proc/sys/net/ipv4/ip_forward with
> > > the value of 1. can you figure out what's the problem? thanks
> > >
> > > Glynn
> > >
> > > ----- Original Message -----
> > > From: "Christoph Simon" <ciccio@kiosknet.com.br>
> > > To: "glynn" <glynn@itextron.com>
> > > Cc: <lartc@mailman.ds9a.nl>
> > > Sent: Monday, January 07, 2002 7:41 PM
> > > Subject: Re: [LARTC] Gre Tunneling Problem
> > >
> > >
> > > > On Sun, 6 Jan 2002 17:39:46 +0800
> > > > "glynn" <glynn@itextron.com> wrote:
> > > >
> > > > > Hello everyone, I have a problem regarding gre tunneling, I have two
> > > > > linux box both of them has a private network and the linux A is
> > > > > connected to the internet via wireless radio and the other linux B is
> > > > > connected to the internet via lease line. Here is the setup of my two
> > > > > linux box
> > > > >
> > > > > Linux A
> > > > > eth0 = 203.189.x.1 (internet)
> > > > > eth1 = 192.168.1.1 (going to hub private network)
> > > > >
> > > > > Linux B
> > > > > eth0 = 205.198.x.1 (internet)
> > > > > eth1 = 192.168.2.1 (going to hub private network)
> > > > >
> > > > > here is my configuration in Linux A and B. I also load the modules
> > > > > needed (insmod ip_gre)
> > > > >
> > > > > Linux A
> > > > > ip tunnel add netb mode gre remote 205.198.x.1 local 203.189.x.1 ttl 255
> > > > > ip link set netb up
> > > > > ip addr add 192.168.1.1 dev netb
> > > > > ip route add 192.168.2.0/24 dev netb
> > > > >
> > > > > Linux B
> > > > > ip tunnel add neta mode gre remote 203.189.x.1 local 205.198.x.1 ttl 255
> > > > > ip link set neta up
> > > > > ip addr add 192.168.2.1 dev neta
> > > > > ip route add 192.168.1.0/24 dev neta
> > > > >
> > > > > I could ping both sides the eth0 and also the eth1 which is for the
> > > > > private network, here is my problem i couldn't ping the other private
> > > > > ip addresses which my eth1 is connected to the hub, anyone can help me,
> > > > > what's my error. pls reply asap. thanks
> > > >
> > > > Do you have any netfilter rules not letting pass proto 47? You'll also
> > > > have to allow forwarding.
> > > >
> > > > --
> > > > Christoph Simon
> > > > ciccio@kiosknet.com.br
> > > > ---
> > > > ^X^C
> > > > q
> > > > quit
> > > > :q
> > > > ^C
> > > > end
> > > > x
> > > > exit
> > > > ZZ
> > > > ^D
> > > > ?
> > > > help
> > > > .
> > > >
> > >
> > >
> > > _______________________________________________
> > > LARTC mailing list / LARTC@mailman.ds9a.nl
> > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
> > >
> >
> >
> >
>
>
>
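
Added example, not part of the original message or of the HOWTO: a parser for the header of the tunnel type configured in the thread (`mode gre`, IP protocol 47), listing every field that RFC 2784 and RFC 2890 define. The only optional fields are a checksum, a key and a sequence number, all sent in the clear, so the header itself carries no shared secret and no encryption; the sample packet, its addresses and the key value are constructed.

```python
import socket
import struct

GRE_PROTO = 47  # IP protocol number of GRE ("proto 47" in the thread)

def parse_gre(pkt: bytes) -> dict:
    """Parse an IPv4 packet carrying version-0 GRE (RFC 2784, RFC 2890)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != GRE_PROTO:
        raise ValueError("outer IP protocol is not 47 (GRE)")
    if len(pkt) < ihl + 4:
        raise ValueError("truncated GRE header")
    flags, inner_proto = struct.unpack_from("!HH", pkt, ihl)
    if flags & 0x0007:
        raise ValueError("not version-0 GRE (PPTP uses version 1)")
    fields = {
        "src": socket.inet_ntoa(pkt[12:16]),
        "dst": socket.inet_ntoa(pkt[16:20]),
        "inner_proto": inner_proto,
        "checksum": None, "key": None, "sequence": None,
    }
    off = ihl + 4
    # Optional 4-byte words follow in this fixed order when their flag bit is set.
    for bit, name in ((0x8000, "checksum"), (0x2000, "key"), (0x1000, "sequence")):
        if flags & bit:
            if len(pkt) < off + 4:
                raise ValueError("truncated GRE option: " + name)
            word = struct.unpack_from("!I", pkt, off)[0]
            # The checksum word is 16 bits of checksum plus 16 reserved bits.
            fields[name] = word >> 16 if name == "checksum" else word
            off += 4
    fields["payload_offset"] = off  # inner packet starts here, unencrypted
    return fields

def sample_packet() -> bytes:
    """Constructed sample: GRE with the key bit set, documentation addresses."""
    inner = b"\x45" + b"\x00" * 19  # placeholder inner IPv4 header
    gre = struct.pack("!HHI", 0x2000, 0x0800, 42)  # K flag, IPv4 payload, key 42
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(inner),
                        0, 0, 255, GRE_PROTO, 0,
                        socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.1"))
    return outer + gre + inner

if __name__ == "__main__":
    print(parse_gre(sample_packet()))
```

A receiver can match a packet to a tunnel only on the outer addresses and the cleartext key, so peer authentication and confidentiality have to come from a layer around GRE, such as IPsec.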



