On 28 Jul 2003 12:43:47 -0700, phil.googlenews@bolthole.com wrote:
>...
>I tried setting up IP tunnelling, via ip.tun0, but I couldnt get it to
>actually send the packets. The route showed up appropriately, but no
>actual packets got sent :-(

My own stupid fault... turns out I also had sunscreen installed on the box.
Which, while having an ALMOST wide open policy... wasnt wide enough :-}

For the record, it is possible to use ip tunelling without any encryption
just fine. So, I can now reach the "private" interface of a server using IP
tunnelling.

The trick is apparently that you have to use a throwaway IP address on your
local endpoint. Or some address other than the one you use to talk
directly to the server, at any rate.
You need to have a pair of addresses for the tunnel "endpoints",
and then a DIFFERENT pair of addresses for the traffic inside the tunnel.



--- Sample configuration ----------------------------------------



server
10.1.1.1, 192.168.1.1

client machine
10.4.6.8


throwaway endpoint addr, that I just made up:
192.168.50.50

on client machine:

ifconfig ip.tun0 plumb
ifconfig ip.tun0 192.168.50.50 192.168.1.1 tsrc 10.4.6.8 tdst 10.1.1.1 up

on server:

ifconfig ip.tun0 plumb
ifconfig ip.tun0 192.168.1.1 192.168.50.50 tsrc 10.1.1.1 tdst 10.4.6.8 up



--
http://www.blastwave.org/ for solaris pre-packaged binaries with pkg-get
Organized by the author of pkg-get
[Trim the no-bots from my address to reply to me by email!]
S.1618 http://thomas.loc.gov/cgi-bin/bdquer...5:SN01618:@@@D
http://www.spamlaws.com/state/ca1.html