Chapter 6. Virtual Private Networks


63


/sbin/ifdown cipcb0


Configuring clients requires the creation of localized scripts that are run after the device has


loaded. The device configuration itself can be configured locally via a user created file called


/etc/sysconfig/network scripts/ifcfg cipcb0


. This file contains pieces of parameters


that determine whether the CIPE connection occurs at boot time and what the name of the CIPE


device is, among other things. The following is the


ifcfg cipcb0


file for a remote client


connecting to the LAN A CIPE server:


# These first four should be self explanatory. Change as required.


DEVICE=cipcb0


ONBOOT=yes


BOOTPROTO=none


USERCTL=no


# This is the device for which we add a host route to our CIPE peer through.


# You may hard code this, but if left blank, we punt and try to guess from


# the routing table in the /etc/cipe/ip up.local file.


PEERROUTEDEV=


# We need to use internal DNS when connected via cipe. These may change,


# but for now, they are correct as of 20010604.


DNS=192.168.1.254


The CIPE device is named


cipcb0


. The CIPE device will be loaded at boot time (configured via


the


ONBOOT


field) and will not use a boot protocol (for example, DHCP) to receive an IP address for


the device. The


PEERROUTEDEV


field determines the CIPE server device name that the client will be


connecting to. If no device is specified in this field, one will be determined after the device has been


loaded.


If your internal networks are behind a firewall (always a good policy), you need to set rules to al 


low the CIPE interface on the client machine to send and receive UDP packets. Refer to Chapter 7


for information on configuring a firewall for Red Hat Linux. For our example, IP tables rules are


implemented.


Note


Clients should be configured such that all localized parameters are placed in a user created file called


/etc/cipe/ip up.local. The local parameters should be reverted when the CIPE session is shut


down using /etc/cipe/ip down.local.


Firewalls should be configured on client machines to accept the CIPE UDP encapsulated packets.


Rules may vary widely, but the basic acceptance of UDP packets is required for CIPE connectivity.


The following IP tables rules allow UDP packets for the CIPE connection for the remote client con 


necting to the LAN; the final rule adds IP Masquerading to allow the remote client to communicate to


the LAN and the Internet:


/sbin/modprobe iptables


/sbin/service iptables stop


/sbin/iptables  P INPUT REJECT


/sbin/iptables  F INPUT


/sbin/iptables  A INPUT  j ACCEPT  p udp  s 10.0.1.1


/sbin/iptables  A INPUT  j ACCEPT  i cipcb0


/sbin/iptables  A INPUT  j ACCEPT  i lo


/sbin/iptables  t nat  A POSTROUTING  s 192.168.0.0/24  o eth0  j MASQUERADE








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      web hosting comparison

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved