IP TUNNEL / was Re: doesn't anybody use tunnelling / vpn?

[will trillich <will@serensoft.com>]

On Tue, Sep 26, 2000 at 07:51:10PM +1100, Damon Muller wrote:
> I don't know if it's sophisticated enough for what you want to do, but
> setting up port forwarding using ssh is very easy. If all you want to do
> is something like secure mail transfer, then it'll take you mere seconds
> to set up, and require no additional software or kernel compilation.
> 
> If you want to do something more sophisticated, them I'm afraid that I
> can't help you.

sounds quite intriguing! care to share a few shell command snippets?

i've also tried the ssh connect then pppd overlay with dismal results.

but i finally have succeeded (to some level, maybe not what i need,
but it's a start) with this:

	# create new device

	ip tunnel add $DEV \
		local $OUTSIDE_HERE \
		remote $OUTSIDE_THERE \
		mode gre

	# talk between these two points (with network on far end)

	ifconfig $DEV $INSIDE_HERE pointopoint $INSIDE_THERE \
		netmask 255.255.255.0

	# now re-establish our firewall rules to include the new gadget

	ipmasq

any caveats to watch for, there?

--

still can't figure out what's wrong here, tho--

	# ip link list
	Cannot send dump request: Connection refused
	# ip address show
	Cannot send dump request: Connection refused
	# ip route show
	Cannot send dump request: Connection refused
	# ip neigh show
	Cannot send dump request: Connection refused