[TriLUG] Routing question

Jonathan Woodbury jpwoodbu at mybox.org
Thu Apr 14 13:47:20 EDT 2011


+1 for IPv6.  Once again, NAT is causing trouble.

There's good IPv4 advice in this thread so far.  But I really want to
stress that setting up IPv6 at home is really not very hard.  I would
highly recommend http://tunnelbroker.net.  You could be set up today!
Once you've done that, the rest could be as simple as firing up a
teredo tunnel when at Panera and accessing devices on your home
network directly.  I've been using the miredo package in Ubuntu for
teredo tunneling.  You install it, you start it, you're on the IPv6
Internet.

If you want to firewall your home network from IPv6 traffic, you can
probably still use a VPN solution, but with IPv6 addressing so you
never have to worry about conflicts or doing maintenance on your
routing table each time you want to use your VPN from a conflicting
network.

This is a great excuse to dig into IPv6 and I seriously doubt you'll
regret doing so.

Jonathan

On Thu, Apr 14, 2011 at 1:14 PM, Aaron Schrab <aaron at schrab.com> wrote:
> At 05:52 -0700 14 Apr 2011, Brian McCullough <bdmc at bdmcc-us.com> wrote:
>>
>> I sometimes want to connect to a VPN from one of my machines ( usually a
>> laptop ) while at, for instance, Panera's.  Unfortunately, perhaps, the
>> remote LAN uses 192.168 addresses, which sometimes conflict with the "home"
>> address range given to the laptop.
>>
>> I am using PPTP from the laptop, and as long as the address ranges don't
>> conflict, everything is fine.
>>
>> I tried setting a "Local IP" address on the PPP connection, and that
>> seemed to work, at least as far as the address of that port was concerned.
>> Unfortunately, of course, I still didn't understand how to set up the
>> routing for that path, because, for instance, there is a machine local to
>> the laptop that has the address 192.168.1.123 while one of the machines that
>> I want to access on the remote LAN has the address 192.168.1.123.
>>
>> I don't think that I can reset the default route so that ALL of the
>> traffic goes through the tunnel -- Internet traffic, for instance, would
>> still travel through the "local" network, not the remote one.
>
> Before the PPTP connection is established, there's likely to be 2 routes in
> the routing table (possibly a third for the loopback network), for the local
> network, and a default route to the internet through the local gateway.
>
> That first network is the one causing trouble, but it's probably not very
> interesting since you probably don't want to connect to anything else at the
> Panera other than their internet gateway.  So you should be able to replace
> the route to that network with a host route to their gateway.
>
> Assuming that the gateway is at 192.168.1.1 and it's a /24 network the
> commands would be something like:
>
> route del -net 192.168.1.0 netmask 255.255.255.0
> route add -host 192.168.1.1 dev eth0
>
> You can then set up the PPTP connection using some bit of RFC1918 space that
> isn't in use either at the remote end or at your local end to avoid
> conflicts, and use the remote end as the gateway for a new route to the
> network you want to use.  Assuming that the PPTP connection is using
> 192.168.2.1 for the far end this would look something like:
>
> route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1
>
> If there's a host at the remote end that's using the same IP address as is
> used by the local gateway (192.168.1.1 in this example), that would still be
> unavailable to you, but this should allow you to access anything else on
> that network.
>
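Added example, not part of the original thread: a small longest-prefix-match model of the routing table before and after the three quoted route commands, showing which destinations end up in the tunnel and which remote address stays shadowed by the local gateway. The interface name ppp0, the peer route for 192.168.2.1 and the public address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

def route(prefix, dev, gw=None):
    """One routing-table entry: (network, outgoing device, next hop or None if on-link)."""
    return (ipaddress.ip_network(prefix), dev, gw)

def lookup(table, dst):
    """Longest-prefix match: (device, gateway) of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in table if addr in r[0]),
               key=lambda r: r[0].prefixlen, default=None)
    return None if best is None else (best[1], best[2])

def apply_workaround(table, local_net, local_gw, dev, tunnel_dev, tunnel_peer):
    """Mirror the quoted commands on a copy of the table."""
    net = ipaddress.ip_network(local_net)
    out = [r for r in table if r[0] != net]                # route del -net
    out.append(route(f"{local_gw}/32", dev))               # route add -host
    out.append(route(f"{tunnel_peer}/32", tunnel_dev))     # PPP peer route (assumed)
    out.append(route(local_net, tunnel_dev, tunnel_peer))  # route add -net ... gw
    return out

def shadowed_hosts(table, remote_net, tunnel_dev):
    """Remote-LAN addresses whose traffic would NOT enter the tunnel."""
    return [str(h) for h in ipaddress.ip_network(remote_net).hosts()
            if lookup(table, str(h))[0] != tunnel_dev]

# Constructed tables using the addresses from the quoted reply.
BEFORE = [
    route("192.168.1.0/24", "eth0"),            # connected local LAN
    route("0.0.0.0/0", "eth0", "192.168.1.1"),  # default via the local gateway
]
AFTER = apply_workaround(BEFORE, "192.168.1.0/24", "192.168.1.1",
                         "eth0", "ppp0", "192.168.2.1")

if __name__ == "__main__":
    for dst in ("192.168.1.123", "192.168.1.1", "203.0.113.10"):
        print(dst, "before:", lookup(BEFORE, dst), "after:", lookup(AFTER, dst))
    print("still shadowed:", shadowed_hosts(AFTER, "192.168.1.0/24", "ppp0"))
```

Checking the shadowed list before relying on the tunnel shows which remote addresses would silently be answered by a device on the local network instead.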


