Re: IPSec gateway configuration

Linux Advanced Routing and Traffic Control

On Monday 21 March 2005 19:44, Vlad Adomnicai wrote:
> Hi,
>   Indeed, PPPoE is great for this, but unfortunately, in my case I would
> prefer something else. For PPPoE all the auth stuff is easy, but if two
> clients from the same LAN try to copy from each other, they are killing
> the processor and the network card in the router instead of copying
> directly from one another via the switches.

You can set up a multi-homed client to address this issue.

> Another problem with the 
> PPPoE I couldn't solve was strange disconnects of clients. I couldn't
> trace them to high cpu load or high network traffic. They simply appear
> to be random and more, when the connection crashes, I get mismatches
> between the number of pppX interfaces from ifconfig output and the
> number of interfaces that I see in /proc/net/dev.

Works for me. Are you using encryption?

>   With the IPSec I hoped to ease some traffic from the routers and also
> decrease the cpu load. Also I hoped I could get rid of the nasty
> disconnects.


Just one more thought: you can use a so-called HotSpot solution.
And since this thread clearly becomes off-topic, you can hit me with e-mail 
directly.

>
> Vlad Adomnicai
>
> Eugene Butan wrote:
> >Hello Vlad,
> >
> >Why not just use PPPoE between your gateways and clients?
> >This way you will be sure that only authenticated clients will be given
> >Internet access.
> >
> >Eugene
> >
> >On Monday 21 March 2005 16:12, Vlad Adomnicai wrote:
> >>Hi,
> >>  I'm trying to build an ipsec gateway and somewhere I'm doing something
> >>wrong.
> >>
> >>  I have a couple of routers that have clients in their back. All the
> >>routers are connected into a switch. In that switch I also have a
> >>computer that provides internet access to the clients.
> >>   I would like to set up some sort of authentication (don't need
> >>encryption), to allow me to give access to different services to
> >>clients. Differentiating services I can do on the internet gateway, but
> >>on the routers I have to be certain that a certain IP is not stolen.
> >>  I have set up ipsec so that if a client pings his gateway, it will
> >>work only if he has the same key as defined on the server. However, if
> >>he pings the internet gateway, it will work, no matter what I do. I
> >>would like the router to validate all packets to the outside LAN. Also I
> >>would like to achieve this with the lowest CPU utilization possible
> >>although this isn't critical. (about 150 clients behind one router
> >>(p2-400/p3-600)).
> >>
> >>  The documentation that I have found was only how to establish secure
> >>connection between two computers, but what I need is to get outside of
> >>it and if possible to not use VPN, because I want the clients that are
> >>in the same LAN have maximum transfer speeds.
> >>
> >>  Thx for any suggestions in advance.
> >>
> >>Vlad Adomnicai
> >>
> >>_______________________________________________
> >>LARTC mailing list
> >>LARTC@xxxxxxxxxxxxxxx
> >>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc