I'm a bit of a Linux newbie, so please bear with me here.
I have set up my first firewall using Smoothwall GPL. It's simple, rocks, and I'm very happy with it, if anyone else is considering doing the same.
Now I want to sort out the VPN option so I can connect to another base and do remote admin/file sharing and that sort of thing. The problem is that the only part of the Smoothwall documentation that is confusing is the VPN config.
I don't quite get the whole left/right/next hop thing.
Can anyone help and explain to me how I do this? I have 2 bases (let's call them BASE X and BASE Y).
Both have separate ISPs, but the main config is exactly the same... both on DSL, both using DHCP, and the firewall is NAT translating to 192.168.X.X
BASE X has internal network 192.168.1.x/24 and external network A.B.C.D/29. This firewall's Green Eth Card is set to 192.168.1.1
BASE Y has internal network 192.168.2.x/24 and external network E.F.G.H/28. This firewall's Green Eth Card is set to 192.168.2.1
My question is, how do I fill in the following fields (in both BASE X and BASE Y):
name
left
left next hop
left subnet
right
right next hop
right subnet
I have tried it already, but it told me that the subnet was wrong. I don't want to screw it up, so was hoping that someone who has done this already can basically tell me the settings using the algebraic settings as above.
And there's a virtual (or real if you live close to Leeds, UK) pint in it for anyone who can help....
Yeah,
it's a pity it is so simple, and we cannot understand it until it works!!! You're certainly not alone with this...
First,
the next hop is for "routing".
If you exit the VPN you are unencrypted, and maybe on an incorrect network segment, so the 'next hop' is a "routing" function to push the packets to the next router/gateway down the line until they find the correct network, rather than being dumped on Smoothie's local network...Oops! Not correct. Read the thread below please!
Use them if you need to, or leave them blank.
2nd, make sure you are using the v1.0 software rather than the Beta versions. Some people are playing with the iptables scripts forgetting that there cannot be any SNATing on the ipsec channel!!
3rd, enter the subnets that you use in the local network, so, without a hop, match the settings on each Smoothie's GREEN interface.
4th, make sure you use different GREEN IP ranges so local routing knows they are remote addresses...
5th, make the IP numbers in 'left' & 'right' as static as possible, even if this means leaving the VPN up all the time.
6th, copy the "secret" to each machine.
7th, make sure the information is "identical" in each Smoothie. "left" is e.g. 195.117.7.xxx in each Smoothie. Don't swap the left/right numbers at each end...
Comments...
Especially for Dynamic numbers... figure out how often your DSL numbers rotate. If it's a real bugger, get static numbers. This is how often you will need to change the left/right numbers.
There is a Smoothwall GPL mailing-list forum from their website for any newbie/technical questions, and an archive for historically "similar" questions.
Last edited by peter_robb; 02-28-2003 at 10:35 AM.
From the built-in Smoothie help file in the VPN tag...
"Name: A simple name to reference this connection. Use lowercase letters only.
Left = vpn1 (Leeds)
Right = vpn2 (Manchester)
Left/Right: The internet IP address of the Left/Right side of the connection.
Left = Leeds RED IP number
Right = Manchester RED IP number
Left/Right next hop: The next hop from Left/Right side back into the Internet (i.e. the default gateway of the left/right RED device).
Left = ISP gateway IP number Leeds Smoothwall is using in routing table
Right = ISP gateway IP number Manchester Smoothwall is using in routing table
Left/Right subnet: The network of the left/right hand side (e.g. 192.168.0.0/24 would include 192.168.0.*).
Left = Leeds network 192.168.1.0/24
Right = Manchester network 192.168.2.0/24
Secret: The password for the connection.
Last edited by peter_robb; 02-28-2003 at 10:43 AM.
Left/Right subnet: The network of the left/right hand side (e.g. 192.168.0.0/24 would include 192.168.0.*).
Left = Leeds network 192.168.1.0/24
Right = Manchester network 192.168.2.0/24
Hello guys, I am trying to set up a vpn as well using your information. But I don't really understand the information about the above (/24) so I would like to ask Kalliste what the exact subnets are he used to make his vpn work.
regards, gerry
Gerry, I hope I can answer your question about the 192.168.1.0/24.
The first thing I believe I need to tell you about is the 24. The 24 is another way of saying 255.255.255.0
Remembering that you can use the numbers from 0 to 255, that is 256 possible numbers to use. 256 in decimal is 11111111 in binary. Therefore in binary the subnet is 11111111.11111111.11111111.00000000. OK, now, after explaining that, the question is: how many 1 binary bits are used when the subnet mask is 255.255.255.0? 24; that is where the 24 comes from.
Now, because 255.255.255 is used for the subnet mask, that means the subnet is 192.168.1
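An added example, not part of any post in this thread: a Python check of the left/right entries discussed above. It converts a /N prefix to its dotted netmask and flags the mistakes the replies warn about (a subnet entered as a host address, the same GREEN range at both ends, entries that differ between the two boxes). The RED and next-hop addresses are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress

FIELDS = ("left", "left next hop", "left subnet",
          "right", "right next hop", "right subnet")

# Constructed sample: what BOTH boxes should hold (RFC 5737 addresses
# stand in for the real RED and ISP gateway numbers).
TUNNEL = {
    "left": "203.0.113.10", "left next hop": "203.0.113.9",
    "left subnet": "192.168.1.0/24",
    "right": "198.51.100.20", "right next hop": "198.51.100.17",
    "right subnet": "192.168.2.0/24",
}

def prefix_to_netmask(prefix):
    """/24 -> 255.255.255.0: the prefix counts the leading 1 bits."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)

def check_tunnel(cfg):
    """Return a list of problems in one box's left/right entries."""
    problems, nets = [], {}
    for side in ("left", "right"):
        try:
            ipaddress.ip_address(cfg[side])
        except ValueError:
            problems.append(f"{side}: not an IP address")
        try:
            # strict=True rejects host bits, e.g. 192.168.1.1/24
            nets[side] = ipaddress.ip_network(cfg[f"{side} subnet"], strict=True)
        except ValueError:
            problems.append(f"{side} subnet: not a network address")
    # Identical or nested GREEN ranges cannot be routed through the tunnel.
    if len(nets) == 2 and nets["left"].overlaps(nets["right"]):
        problems.append("left and right subnets overlap")
    return problems

def check_pair(box_a, box_b):
    """Both boxes must carry identical entries (no left/right swap)."""
    problems = check_tunnel(box_a)
    differing = [k for k in FIELDS if box_a[k] != box_b[k]]
    if differing:
        problems.append("boxes differ in: " + ", ".join(differing))
    return problems

if __name__ == "__main__":
    print(prefix_to_netmask(24))
    print(check_pair(TUNNEL, TUNNEL))
    print(check_tunnel({**TUNNEL, "left subnet": "192.168.1.1/24"}))
```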
What if you have VLANs configured? What subnets do you put it in then? The subnet of the device you want to retrieve files from or the subnet of the router?
Also, is this a site to site VPN or can it be accessed outside from any network?