Reply: Re: [Openswan Users] GRE and routing

Frank.Mayer at knapp-systems.com Frank.Mayer at knapp-systems.com
Wed Oct 5 21:00:52 CEST 2005


Michael,

I think what you want is a WINS-proxy in the remote network rather than 
tunneling broadcast traffic.

A quick "google" for "+WINS +proxy" gave me this page
http://www.mcmcse.com/microsoft/guides/winshints.shtml
that seems to describe your setup (problem?) exactly.

And thanks for the link to that HowTo!

Best Regards,
Frank Mayer
UNIX Systemadministration
----------------------------------------------------
KNAPP Systemintegration GmbH
Waltenbachstrasse 9
8700 Leoben, Austria
----------------------------------------------------
Phone: +43 3842 805-921
Fax: +43 3842 82930-921
frank.mayer at knapp-systems.com
www.knapp.com



Michael Jurney <mikej at datasynapse.com>
05.10.2005 19:52

To: Frank.Mayer at knapp-systems.com
Cc:
Subject: Re: [Openswan Users] GRE and routing

Frank.Mayer at knapp-systems.com wrote:

>
> Hello Michael,
>
> are you really sure you want IP-Broadcast traffic crossing your 
> router/firewall? But that's not why I'm writing to you, though.

I really don't, but it's the only solution to a problem that we're 
having with windows clients at the remote site.  We use samba at the 
central site to synchronize WINS and DNS, but clients have stopped 
announcing themselves to the WINS server on startup, so the exchange 
server is finding itself unable to update them.  It's mainly a naming 
system problem, but that's going to take much more time to disentangle 
than I have to work with right now.

Before I roll this into production I'll drop iptables rules down to 
restrict it to just udp{137,138,1229} to try and minimize the crosstalk.

> Can you, please, point me to some HowTo on setting up GRE tunnels on 
> Linux?
> I'd like to know how I could - in case of need - our Cisco-router 
> running GRE-over-IPSec to one of our customers by a Linux-Box.


The most straightforward online resource I've found concerning GRE is 
here:

http://lartc.org/howto/lartc.tunnel.gre.html

The missing piece that it doesn't address is that the ipsec tunnel needs 
to be between two /32s, which are also the local/remote endpoints of the 
tunnel.  You then add a static route for the target network pointing to 
the gre tunnel interface.

If you want to see the entire config that I'm currently using, let me 
know.  I'll happily send it along.

-- 
Michael D. Jurney
Sysadmin, DataSynapse
mikej at datasynapse.com
p: 212.842.8860

View the DataSynapse email disclaimer here:
<http://www.datasynapse.com/legal/emailprivacy.jsp>
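
The setup described in the quoted message above (IPsec between two /32s that are also the GRE endpoints, a static route via the GRE interface, and the planned UDP filter), as an added example that is not part of the original thread and not anyone's actual config. The addresses, the conn name and the interface name are constructed placeholders, and the script only prints the plan, it applies nothing.

```shell
#!/bin/sh
# Added example: prints (does not apply) a GRE-over-Openswan plan.
# Addresses, conn name and interface name are constructed placeholders.

# Succeed only for a bare dotted-quad host address (no /prefix, octets 0-255).
is_ipv4() {
    echo "$1" | awk -F. 'NF!=4{exit 1} {for(i=1;i<=4;i++) if($i!~/^[0-9]+$/||$i>255) exit 1}'
}

# usage: gre_ipsec_plan LOCAL_IP REMOTE_IP TARGET_NET [IFACE]
gre_ipsec_plan() {
    local_ip=$1 remote_ip=$2 target=$3 ifc=${4:-gre1}
    # The IPsec selectors must be single hosts, so a network as endpoint is rejected.
    is_ipv4 "$local_ip" && is_ipv4 "$remote_ip" || {
        echo "endpoints must be single IPv4 hosts" >&2; return 1; }
    cat <<EOF
# --- /etc/ipsec.conf: protect only traffic between the two GRE endpoints
conn gre-endpoints
    left=$local_ip
    leftsubnet=$local_ip/32
    right=$remote_ip
    rightsubnet=$remote_ip/32
    authby=secret
    auto=start
# --- GRE tunnel whose local/remote are the same two /32 addresses
ip tunnel add $ifc mode gre local $local_ip remote $remote_ip ttl 255
ip link set $ifc up
# --- static route: the target network is reached through the GRE interface
ip route add $target dev $ifc
# --- only the UDP ports named in the thread may cross the tunnel
iptables -A FORWARD -o $ifc -p udp -m multiport --dports 137,138,1229 -j ACCEPT
iptables -A FORWARD -i $ifc -p udp -m multiport --dports 137,138,1229 -j ACCEPT
iptables -A FORWARD -o $ifc -j DROP
iptables -A FORWARD -i $ifc -j DROP
EOF
}

# Constructed sample run (documentation address ranges).
gre_ipsec_plan 192.0.2.1 198.51.100.1 10.20.0.0/24
```

Because the IPsec policy covers only the two endpoint addresses, traffic for the target network is protected only when it is routed into the GRE interface and encapsulated between them.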

