Date:      Tue, 7 Oct 1997 10:18:30 -0500 (CDT)
From:      Wm Brian McCane <root@bmccane.uit.net>
To:        John-Mark Gurney <gurney_j@resnet.uoregon.edu>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: SKIP
Message-ID:  <Pine.BSF.3.91.971007094736.24219A-100000@bmccane.uit.net>
In-Reply-To: <19971006194105.38549@hydrogen.nike.efn.org>

Okay,

	Here is what I have/have to do.

      /^^^^^\          ROUTER 1
     ( LAN 1 }--{ipfw/(skip|swipe|...)}--{Pipeline 50}
      \vvvvv/                                 |
                                              |
                                            {ISP}
                         <---Internet--->
             {ISP}
               |
               |               ROUTER 2            /^^^^^\
          {Pipeline 50}--{ipfw/(skip|swipe|...)}--{ LAN 2 )
                                                   \vvvvv/

	LAN 1 is 192.168.1.0/24
	LAN 2 is 192.168.4.0/24
	ROUTER 1a is 192.168.1.251
	ROUTER 1b is 207.142.125.225/28
	ROUTER 2a is 192.168.4.251
	ROUTER 2b is 204.132.78.206/28

NOTE: Internet addresses are not exactly right 8).

   Data on LAN 1, destined for 192.168.4.0 needs to be caught in ROUTER 1,
and then packaged up, and sent to ROUTER 2, who unpacks the data and 
dumps it on the local network.

   Data on LAN 2, destined for 192.168.0.0, but not 192.168.4.0 needs to be
caught in ROUTER 2, and then packaged up, and sent to ROUTER 1, who unpacks
the data and dumps it on the local network.

   What I am now looking at is an implementation somewhat similar to the 
way that natd works with divert sockets.  I have already configured a 
firewall on both ROUTER 1 and 2.  What I think I want to do is set up 
rules in the firewalls to divert the appropriate addresses to the 
"vpnd".  He will then encapsulate the data and send it to the other 
router.

   In the encapsulate phase, I will probably bsdcomp the data to be sent,
and encrypt it with some very lame encryption.  I was thinking of using a 
scheme where each machine has the encryption keys stored in a text file, 
and simply uses them to en/decrypt the data.  Very basic.

   Does this look like it will work?  Am I insane to even think of trying 
to write the "vpnd" program?  I am most concerned with figuring out how 
to write the "vpnd", although I have looked at the "natd" code, and it 
looks fairly straightforward to me.  I would simply create a "pipe" from 
ROUTER 1b to ROUTER 2b.  Then as data comes in from the divert socket, I 
would direct it out through the "pipe".  The place where I have problems 
is when a packet comes in on the "pipe".  How do I inject the received 
data on to my local network?

	brian	

+-------------------------------------+----------------------------------------+
He rides a cycle of mighty days, and   \  Wm Brian and Lori McCane
he represents the last great schizm     \  McCane Consulting
among the gods. Evil though he obviously \  root@bmccane.uit.net
is, he is a mighty figure, this father of \  http://bmccane.uit.net/
my spirit, and I respect him as the sons   \  http://bmccane.uit.net/~pictures/
of old did the fathers of their bodies.     \  http://bmccane.uit.net/~bmccane/
    Roger Zelazny - "Lord of Light"          \  http://bmccane.uit.net/~bbs/
+---------------------------------------------+--------------------------------+

On Mon, 6 Oct 1997, John-Mark Gurney wrote:

> Wm Brian McCane scribbled this message on Oct 6:
> > Hello,
> > 
> > 	I asked a while back about setting up a Virtual Private Network.
> > Many people suggested SKIP and 1 suggested swIPe.  I have been looking at
> > the SKIP documentation, and I think we may have had a slight misunderstanding.
> > 
> > 	From what I have read so far in the SKIP docs, it is to connect
> > Machine A to Machine B via a "secure" pipe.  And I have seen a little
> > bit about possibly connecting Machine A to LAN C.  But what I need to do
> > is connect LAN C to LAN D.  Is this possible with SKIP, swIPe, or a
> > player to be named later?
> 
> if you don't need extreme bandwidth..  then simply use iij-ppp... right
> now a friend and I are connected via a private network this way... he
> used to dial into my machine, but then moved to better connectivity, so
> now we just tunnel it down... 
> 
> the man page for iij-ppp pretty much describes what you need to do...
> 
> ttyl..
> 
> -- 
>   John-Mark Gurney                          Modem/FAX: +1 541 683 6954
>   Cu Networking
> 
>   Live in Peace, destroy Micro$oft, support free software, run FreeBSD
> 
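
Added example (editor's code, not from this thread and not natd's or
SKIP's): a minimal "vpnd" in the shape the post sketches, written for
FreeBSD divert(4) sockets and run here as the ROUTER 2 side.  It answers
the injection question at the end of the post: a packet written back to
the divert socket with sin_addr set to a local interface address (ROUTER
2a) is treated as having arrived on that interface, while 0.0.0.0 would
mean "outgoing"; sin_port carries the ipfw rule number after which
processing resumes, so the injected packet is not diverted a second time
(details per divert(4); check the version you run).  The checksum and
sanity-check functions are portable and are what the tests exercise; main()
needs FreeBSD, root and the ipfw rule shown in the comment.  The UDP tunnel
port, the rule number, and the sample packets are assumptions made for the
example.  One caveat a practitioner would add: the peer address check and
the packet sanity check are not authentication, and the static-key scheme
in the post does not make them so; treat the tunnel as unauthenticated.

```c
/* Added example, not code from the thread: a minimal "vpnd" for FreeBSD
 * divert(4) sockets, run here as the ROUTER 2 side.  Port numbers, rule
 * number and sample packets are assumptions made for the example. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>

#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 254   /* FreeBSD's value; only lets the file compile elsewhere */
#endif

#define DIVERT_RULE 100      /* assumed: ipfw add 100 divert 6000 ip from 192.168.4.0/24 to 192.168.1.0/24 */
#define DIVERT_PORT 6000
#define TUNNEL_PORT 6001     /* assumed UDP port the two routers exchange raw IP packets on */

/* RFC 1071 Internet checksum; a header with a valid checksum sums to 0. */
uint16_t ip_checksum(const void *data, size_t len)
{
    const uint8_t *p = data;
    uint32_t sum = 0;
    for (; len > 1; len -= 2, p += 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Sanity check for a packet received over the tunnel before it is injected:
 * IPv4, intact header, source inside the remote LAN, destination inside the
 * local LAN (nets and masks in host order).  This is not authentication; it
 * only stops malformed or obviously misrouted packets.  Returns 1 if OK. */
int tunnel_packet_ok(const uint8_t *pkt, size_t len,
                     uint32_t remote_net, uint32_t remote_mask,
                     uint32_t local_net, uint32_t local_mask)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = (size_t)pkt[2] << 8 | pkt[3];   /* ip_len is network order on a divert socket */
    if (hlen < 20 || hlen > len || total < hlen || total > len)
        return 0;
    if (ip_checksum(pkt, hlen) != 0)
        return 0;
    uint32_t src = (uint32_t)pkt[12] << 24 | (uint32_t)pkt[13] << 16 | pkt[14] << 8 | pkt[15];
    uint32_t dst = (uint32_t)pkt[16] << 24 | (uint32_t)pkt[17] << 16 | pkt[18] << 8 | pkt[19];
    return (src & remote_mask) == remote_net && (dst & local_mask) == local_net;
}

/* Constructed samples (not captured traffic): a 20-byte ICMP header
 * 192.168.1.10 -> 192.168.4.20 with a correct checksum, the same header with
 * the addresses swapped (checksum still valid), and one with a corrupted TTL. */
const uint8_t sample_lan1_to_lan2[20] = {0x45,0x00,0x00,0x14,0x00,0x01,0x00,0x00,0x40,0x01,0xf4,0x79,
                                         0xc0,0xa8,0x01,0x0a,0xc0,0xa8,0x04,0x14};
const uint8_t sample_lan2_to_lan1[20] = {0x45,0x00,0x00,0x14,0x00,0x01,0x00,0x00,0x40,0x01,0xf4,0x79,
                                         0xc0,0xa8,0x04,0x14,0xc0,0xa8,0x01,0x0a};
const uint8_t sample_bad_csum[20]     = {0x45,0x00,0x00,0x14,0x00,0x01,0x00,0x00,0x3f,0x01,0xf4,0x79,
                                         0xc0,0xa8,0x01,0x0a,0xc0,0xa8,0x04,0x14};

/* ROUTER 2: LAN 2 -> LAN 1 packets come off the divert socket and go to
 * ROUTER 1b over UDP; packets from ROUTER 1 are checked and written back to
 * the divert socket as if they had arrived on ROUTER 2a (sin_addr = a local
 * interface address; 0.0.0.0 would mean "outgoing"), with ipfw resuming
 * after DIVERT_RULE so they are not diverted again (see divert(4)). */
int main(void)
{
    int dsock = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    int usock = socket(PF_INET, SOCK_DGRAM, 0);
    if (dsock < 0 || usock < 0) { perror("socket"); return 1; }

    struct sockaddr_in dbind = {0}, ubind = {0}, peer = {0}, inject = {0};
    dbind.sin_family = AF_INET;  dbind.sin_port = htons(DIVERT_PORT);
    ubind.sin_family = AF_INET;  ubind.sin_port = htons(TUNNEL_PORT);
    peer.sin_family = AF_INET;   peer.sin_port = htons(TUNNEL_PORT);
    inet_pton(AF_INET, "207.142.125.225", &peer.sin_addr);   /* ROUTER 1b */
    inject.sin_family = AF_INET; inject.sin_port = htons(DIVERT_RULE);
    inet_pton(AF_INET, "192.168.4.251", &inject.sin_addr);   /* ROUTER 2a */
    if (bind(dsock, (struct sockaddr *)&dbind, sizeof dbind) < 0 ||
        bind(usock, (struct sockaddr *)&ubind, sizeof ubind) < 0) { perror("bind"); return 1; }

    uint8_t buf[65535];
    for (;;) {
        fd_set rd;
        FD_ZERO(&rd); FD_SET(dsock, &rd); FD_SET(usock, &rd);
        if (select((dsock > usock ? dsock : usock) + 1, &rd, NULL, NULL, NULL) < 0) { perror("select"); return 1; }
        if (FD_ISSET(dsock, &rd)) {                  /* LAN 2 -> LAN 1: encapsulate and send */
            ssize_t n = recv(dsock, buf, sizeof buf, 0);
            if (n > 0) (void)sendto(usock, buf, (size_t)n, 0, (struct sockaddr *)&peer, sizeof peer);
        }
        if (FD_ISSET(usock, &rd)) {                  /* LAN 1 -> LAN 2: check, then inject */
            struct sockaddr_in from; socklen_t fl = sizeof from;
            ssize_t n = recvfrom(usock, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
            if (n > 0 && from.sin_addr.s_addr == peer.sin_addr.s_addr &&
                tunnel_packet_ok(buf, (size_t)n, 0xc0a80100u, 0xffffff00u, 0xc0a80400u, 0xffffff00u))
                (void)sendto(dsock, buf, (size_t)n, 0, (struct sockaddr *)&inject, sizeof inject);
        }
    }
}
```

ROUTER 1 runs the same program with the peer, inject and LAN arguments
swapped.  The UDP encapsulation carries the raw IP packet as-is (no
compression, no encryption), which is where the post's bsdcomp and cipher
steps would go; whatever goes there, it should also authenticate the peer,
because the sanity check above deliberately does nothing more than reject
packets that could not have come from the other LAN.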
