From: "Eric S. Johansson"
Date: Thu, 02 Oct 2014 23:05:11 -0400
To: Joel Wirāmu Pauling
Cc: cerowrt-devel
Subject: Re: [Cerowrt-devel] vpn fw question
Message-ID: <542E1267.1000208@eggo.org>
References: <542DFCCA.7080708@eggo.org>

On 10/2/2014 10:24 PM, Joel Wirāmu Pauling wrote:
> I.e. your topology looks like this:
>
> [(Remote LAN) - VPN Client]---[INTERNET]---(Local LAN)[WAN][LAN][REMOTE-LAN])
>
> Your Local LAN knows nothing about Remote LAN and vice versa. There is
> just a single Interface/Client member that is a member of REMOTE-LAN.
> So to get traffic from Local LAN to Remote LAN all Local-LAN traffic
> needs to be masqueraded to that single interface.

Ah, thanks for the clarification. My function-oriented topology looks like this:

[ 34-38 target lan - vpn server - fw ] - - - [ I ] - + -( fw - vpn client - - - lan - - - workerbees(6) )
                                                     + -( rw worker bee )
                                                     + -( rw worker bee )
                                                     + -( cerowrt worker bee )
                                                     ...

I don't think the NATted form is going to work terribly well because all the WBs need access to all the target machines. Also our routing tables are… significant:

Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window  irtt Iface
0.0.0.0         73.38.246.1     0.0.0.0         UG      0 0          0 ge00
10.42.66.0      10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.1.0       10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.2.0       10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.3.0       10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.4.0       10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.5.0       10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.6.0       10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.7.0       10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.8.0       10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.9.0       10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.10.0      10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.11.0      10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.12.0      10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.13.0      10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.14.0      10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.15.0      10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.199.188.0    10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.199.188.193  0.0.0.0         255.255.255.255 UH      0 0          0 tun0
73.38.246.0     0.0.0.0         255.255.254.0   U       0 0          0 ge00
172.30.42.0     0.0.0.0         255.255.255.224 U       0 0          0 se00
172.30.42.0     0.0.0.0         255.255.255.0   !       0 0          0 *
172.30.42.64    0.0.0.0         255.255.255.224 U       0 0          0 sw00
172.30.42.96    0.0.0.0         255.255.255.224 U       0 0          0 sw10
192.168.9.0     10.199.188.193  255.255.255.0   UG      0 0          0 tun0

And WTH is this?

172.30.42.0     0.0.0.0         255.255.255.0   !       0 0          0 *

--- eric
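The row Eric asks about is flagged `!`, which in net-tools `route`/`netstat -rn` output marks a reject route: packets whose only matching entry is that route are refused instead of being forwarded. Since the router also has more specific /27 routes inside 172.30.42.0/24, the interesting question is which parts of the /24 the reject route actually catches. The script below is an added example written for this page, not code from the list thread or from CeroWrt: it parses a `route -n`-style table (a constructed, abridged copy of the one quoted above; the trailing fields of the `!` row are an assumption, since that row arrived mangled), resolves a destination by longest-prefix match the way the kernel does, and computes the address ranges that fall through to the reject route rather than to the default route on ge00.

```python
import ipaddress

# Constructed sample in the `netstat -rn` / `route -n` layout of the table quoted in
# the message above. Most of the 10.43.x.0/24 tun0 rows are left out; the trailing
# fields of the "!" row are an assumption, since that row arrived mangled.
ROUTING_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window  irtt Iface
0.0.0.0         73.38.246.1     0.0.0.0         UG      0 0          0 ge00
10.42.66.0      10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.43.1.0       10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.199.188.0    10.199.188.193  255.255.255.0   UG      0 0          0 tun0
10.199.188.193  0.0.0.0         255.255.255.255 UH      0 0          0 tun0
73.38.246.0     0.0.0.0         255.255.254.0   U       0 0          0 ge00
172.30.42.0     0.0.0.0         255.255.255.224 U       0 0          0 se00
172.30.42.0     0.0.0.0         255.255.255.0   !       0 0          0 *
172.30.42.64    0.0.0.0         255.255.255.224 U       0 0          0 sw00
172.30.42.96    0.0.0.0         255.255.255.224 U       0 0          0 sw10
192.168.9.0     10.199.188.193  255.255.255.0   UG      0 0          0 tun0
"""


def parse_routes(text):
    """Parse Destination/Gateway/Genmask/Flags/.../Iface rows into route dicts."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # skip the title line, the column header and anything too short to be a row
        if len(parts) < 5 or not parts[0][0].isdigit():
            continue
        dest, gateway, genmask, flags = parts[:4]
        routes.append({
            "net": ipaddress.IPv4Network(f"{dest}/{genmask}"),
            "gateway": gateway,
            "flags": flags,
            "iface": parts[-1],
            "reject": "!" in flags,   # net-tools flag '!' means a reject route
        })
    return routes


def reject_routes(routes):
    return [r for r in routes if r["reject"]]


def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: r["net"].prefixlen)


def blackholed_ranges(routes, reject):
    """Parts of a reject route's prefix that no more specific route covers."""
    remaining = [reject["net"]]
    for r in routes:
        if r is reject or not r["net"].subnet_of(reject["net"]):
            continue
        # carve each more specific route out of whichever chunk still contains it
        remaining = [
            piece
            for chunk in remaining
            for piece in (chunk.address_exclude(r["net"])
                          if r["net"].subnet_of(chunk) else [chunk])
        ]
    return sorted(remaining)


if __name__ == "__main__":
    routes = parse_routes(ROUTING_TABLE)
    for r in reject_routes(routes):
        ranges = [str(n) for n in blackholed_ranges(routes, r)]
        print(f"reject route {r['net']} refuses traffic to {ranges}")
    for dst in ("172.30.42.10", "172.30.42.200", "10.43.1.7", "8.8.8.8"):
        r = lookup(routes, dst)
        where = "REJECT" if r["reject"] else r["iface"]
        print(f"{dst:>14} -> {where:6} via {r['net']}")
```

With the table above, 172.30.42.10 resolves to the /27 on se00, while 172.30.42.200 has no /27 and lands on the reject route, so it is refused locally rather than leaving through the default route on ge00; the ranges the reject route covers are 172.30.42.32/27 and 172.30.42.128/25. The practical check for a setup like Eric's is that none of the worker-bee or target prefixes that must cross tun0 overlap such a reject entry.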