


Best of the Newsgroups: vpn subnets





From: bv@wjv.comREMOVE (Bill Vermillion)
Subject: Re: networking with xp
References: <bfbc8513.0212260801.1688f665@posting.google.com> <1er4cv4qsc931nv4f0lu719lfnabgu7rtg@4ax.com> <HEw322.15D@wjv.com> <6re7cv41mbj8n5i4hcteplr1f5j3k08r24@4ax.com> 
Date: Thu, 15 May 2003 18:27:32 GMT

In article <6re7cv41mbj8n5i4hcteplr1f5j3k08r24@4ax.com>,
Jeff Liebermann  <jeffl@comix.santa-cruz.ca.us> wrote:
>On Wed, 14 May 2003 18:27:30 GMT, bv@wjv.comREMOVE (Bill Vermillion)
>wrote:




>>>A clueless expert buys a pile of routers with hardware VPN and sets
>>>them up using the default IP block.  Usually, that's 192.168.0.xxx.

>>And using the default 255.255.255.0 netmask - instead of changing
>>it. ?   Let's all boycott MS for screwing this up.

>You'll also have to boycott all the VPN terminating router
>manufacturers.  Linksys, Netgear, DLink, Sonicwall, Netscreen, ad
>nauseam.  They all default to 255.255.255.0.  So does SCO on all their
>LAN configs.

It's not the default setup that's the problem - it's the way MS
does things - at least from what I've seen in the past.

Define an address.  192.168.1.115 netmask 255.255.255.240
That is part of a 192.168.1.112 to 192.168.1.127 block
with usable IPs of .113 thru .126 and a broadcast of .127

In an MS machine you can set the gateway to be 192.168.1.1 and it
will work - and that is NOT supposed to be the way it works.
Your gateway is supposed to be in the net-block you have defined.



It's not the >default< netmask I'm talking about - but MS
assuming that you can address anything in the 'C' range of 255
addresses - even if it is outside of your network.

I ran across this when setting up show networks.   These would be
mixed architectures and some would have routers on the show floor
demonstrating their wireless efforts and being able to access the
real world.

I could put an MS machine anywhere inside the block and use the .1
address on that particular Cisco ethernet link as a gateway.

But with routers, and non-MS machines, I'd have to drop an alias
on top of the ethernet card that was inside the assigned net-block,
as the other devices could not see the gateway if it was outside
their net-block.

Those led to some interesting troubleshooting exercises at times.
Sometimes I'd have to route a T1 to the floor for the comm demos -
but with 32 serial ports on the router that was no problem - other
than the constant wiring changes.

Does this explanation of the problem make more sense with this
explanation?   

Bill
-- 
Bill Vermillion - bv @ wjv . com
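
The net-block arithmetic and the gateway rule described in the post above, as an added example that is not part of the original post: it computes the block for an address and netmask and flags a default gateway that is not on-link. The function names and the sample host list are assumptions made for illustration.

```python
import ipaddress

def describe_block(address, netmask):
    """Return network, broadcast and usable range for address/netmask."""
    net = ipaddress.IPv4Interface(f"{address}/{netmask}").network
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_usable": str(hosts[0]),
        "last_usable": str(hosts[-1]),
        "prefix": net.prefixlen,
    }

def check_gateway(address, netmask, gateway):
    """Return (ok, reason): is the gateway a usable address in the host's block?"""
    iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    if gw not in net:
        return False, f"gateway {gw} is outside {net}"
    # /31 and /32 have no separate network/broadcast addresses to exclude.
    if net.prefixlen < 31 and gw in (net.network_address, net.broadcast_address):
        return False, f"gateway {gw} is the network or broadcast address of {net}"
    if gw == iface.ip:
        return False, "gateway is the host's own address"
    return True, f"gateway {gw} is on-link in {net}"

def audit(configs):
    """Check a list of (name, address, netmask, gateway) tuples."""
    return [(name,) + check_gateway(addr, mask, gw)
            for name, addr, mask, gw in configs]

# Constructed sample inventory; the first entry is the case from the post.
SAMPLE = [
    ("show-floor-pc", "192.168.1.115", "255.255.255.240", "192.168.1.1"),
    ("aliased-router", "192.168.1.115", "255.255.255.240", "192.168.1.113"),
    ("default-mask", "192.168.1.115", "255.255.255.0", "192.168.1.1"),
    ("bad-broadcast", "192.168.1.115", "255.255.255.240", "192.168.1.127"),
]

if __name__ == "__main__":
    print(describe_block("192.168.1.115", "255.255.255.240"))
    for name, ok, reason in audit(SAMPLE):
        print(f"{'OK  ' if ok else 'FLAG'} {name}: {reason}")
```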





/Bofcusm/2082.html copyright 1997-2004 (various authors) All Rights Reserved
