Chapter 6. Virtual Private Networks
/sbin/ifdown cipcb0
Configuring clients requires the creation of localized scripts that are run after the device has
loaded. The device configuration itself can be configured locally via a user-created file called
/etc/sysconfig/network-scripts/ifcfg-cipcb0. This file contains parameters that determine
whether the CIPE connection occurs at boot time and what the name of the CIPE device is, among
other things. The following is the ifcfg-cipcb0 file for a remote client connecting to the
LAN A CIPE server:
# These first four should be self-explanatory. Change as required.
DEVICE=cipcb0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
# This is the device for which we add a host route to our CIPE peer through.
# You may hard-code this, but if left blank, we punt and try to guess from
# the routing table in the /etc/cipe/ip-up.local file.
PEERROUTEDEV=
# We need to use internal DNS when connected via cipe. These may change,
# but for now, they are correct as of 20010604.
DNS=192.168.1.254
The CIPE device is named cipcb0. The CIPE device will be loaded at boot time (configured via
the ONBOOT field) and will not use a boot protocol (for example, DHCP) to receive an IP address
for the device. The PEERROUTEDEV field determines the CIPE server device name that the client
will be connecting to. If no device is specified in this field, one will be determined after the
device has been loaded.
If your internal networks are behind a firewall (always a good policy), you need to set rules to
allow the CIPE interface on the client machine to send and receive UDP packets. Refer to Chapter 7
for information on configuring a firewall for Red Hat Linux. For our example, IP tables rules are
implemented.
Note
Clients should be configured such that all localized parameters are placed in a user-created file called
/etc/cipe/ip-up.local. The local parameters should be reverted when the CIPE session is shut
down using /etc/cipe/ip-down.local.
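One way to apply and revert the DNS= setting from ifcfg-cipcb0 as the Note describes, as an added example rather than a script shipped with Red Hat Linux or CIPE. It assumes the same file is installed as both /etc/cipe/ip-up.local and /etc/cipe/ip-down.local; the backup path and the choice to rewrite /etc/resolv.conf are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example. Paths default to the files named on the page; the variables
# can be overridden to try the functions on scratch files without root.
IFCFG=${IFCFG:-/etc/sysconfig/network-scripts/ifcfg-cipcb0}
RESOLV=${RESOLV:-/etc/resolv.conf}
BACKUP=${BACKUP:-/var/run/cipe-resolv.conf.saved}   # assumed backup location

# Print the value of KEY from the ifcfg file without sourcing it as shell code.
ifcfg_get() {
    sed -n "s/^$1=//p" "$IFCFG" | tail -n 1 | tr -d '"'
}

# Accept only a dotted-quad shaped value, so a malformed DNS= line is never used.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# ip-up.local side: save the current resolver file once, then use the internal DNS.
cipe_up() {
    dns=$(ifcfg_get DNS)
    is_ipv4 "$dns" || { echo "ip-up.local: bad or missing DNS= in $IFCFG" >&2; return 1; }
    # Keep an existing backup: a repeated "up" must not save the VPN settings.
    [ -e "$BACKUP" ] || cp -p "$RESOLV" "$BACKUP" || return 1
    printf 'nameserver %s\n' "$dns" > "$RESOLV"
}

# ip-down.local side: restore the saved resolver file and remove the backup.
cipe_down() {
    [ -e "$BACKUP" ] || return 0      # nothing was changed, nothing to revert
    cp -p "$BACKUP" "$RESOLV" && rm -f "$BACKUP"
}

# Dispatch on the name the script was installed under.
case "${0##*/}" in
    ip-up.local)   cipe_up ;;
    ip-down.local) cipe_down ;;
esac
```

Reading DNS= with sed instead of sourcing the file keeps a tampered ifcfg-cipcb0 from running commands as root when the tunnel comes up.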
Firewalls should be configured on client machines to accept the CIPE UDP encapsulated packets.
Rules may vary widely, but the basic acceptance of UDP packets is required for CIPE connectivity.
The following IP tables rules allow UDP packets for the CIPE connection for the remote client
connecting to the LAN; the final rule adds IP Masquerading to allow the remote client to communicate to
the LAN and the Internet:
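# The kernel module is named ip_tables; "iptables" is the userspace command.
/sbin/modprobe ip_tables
/sbin/service iptables stop
# A chain policy must be ACCEPT or DROP; REJECT is not a valid argument to -P.
/sbin/iptables -P INPUT DROP
/sbin/iptables -F INPUT
# Accept UDP from the CIPE peer, then all traffic on the tunnel and loopback.
/sbin/iptables -A INPUT -j ACCEPT -p udp -s 10.0.1.1
/sbin/iptables -A INPUT -j ACCEPT -i cipcb0
/sbin/iptables -A INPUT -j ACCEPT -i lo
# Masquerade traffic from the 192.168.0.0/24 network leaving through eth0.
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE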





