Shiva LanRover VPN

Jon Carnes jonc at HAHT.COM
Thu Jan 20 08:07:44 EST 2000


Just a guess, but I would say you need multiple tunnels if you are going to
have multiple endpoints.

For most Tunnels to work, you have to have an ip address on one end, and
another on the other end (same network).  If your Lan Rover is routing the
Tunnels then the addresses for this virtual network are different from your
local LAN addresses.  You need to program your router to send all packets
for the virtual network to your Lan Rover.  Your Lan Rover will have two
addresses: one that is on your local LAN, and another that is used for
Virtual Connections (the end-point of the Tunnels).

If the Lan Rover is bridging the Tunnels, then all the addresses must be
valid for your local LAN.  In this case, I believe the device puts itself
into promiscuous mode and intercepts all packets for attached clients.

In both cases, the Lan Rover needs to have a pool of addresses to hand out
to clients, as they attach to it.  If the device is bridging the Tunnels,
then you can just use a local DHCP server on your network.  If the device is
routing, then you will have set it up with a virtual LAN, like
192.168.1.0/255.255.255.0.  In this case, the Lan Rover would have its local
LAN address and the address 192.168.1.1.  You would enable it to hand out
addresses, and then specify that it can hand out the range: 192.168.1.2 thru
192.168.1.254.

I imagine that the Lan Rover works with other protocols and not just TCP/IP.
Most likely it also works with IPX (Novell protocol).  That being the case,
it is possible that you may be using strictly IPX on your LAN and not be
using TCP/IP at all.  This is the only case that I can see in which you
would want to "turn off the Client IP check box".

Hope that helps,

Jon Carnes
MIS - HAHT Software
----- Original Message -----
From: "Thomas J. Arseneault" <arsen at GNAC.COM>
To: <VPN at SECURITYFOCUS.COM>
Sent: Monday, January 17, 2000 4:30 PM
Subject: Shiva LanRover VPN


> Software version 6.6. I'm trying to get the single user tunnel to work but
> it keeps complaining about "Can't assign Client IP". I have tried turning
> off the "Client IP" check box to no avail. I'm unclear about the use of the
> multiple tunnel config and am also wondering if that is what I should be
> doing instead of a single tunnel. The initial tests are being done with a
> single user but the active config will have multiple users from multiple
> sites. We plan on using Certs once we get up and running but the tests will
> be done with shared secrets.
>
> Also how does one deal with DHCP address at the far end?
>
> I'm sure I left out something important so if you all need more information
> please feel free to ask for it. P.S. I have never gotten one of these to
> work so I don't know what a working one looks like so sanitized configs
> would come in handy. Thanks.
>
>
> **********************************************
> Tom Arseneault
> System Admin.
> Gnac Inc.
> arsen at gnac.com
> **********************************************
>
> VPN is sponsored by SecurityFocus.COM
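
The address plan described in the reply above, checked in code. This is an added example, not part of the original thread and not Shiva configuration syntax. The function name check_plan, the local LAN 10.0.0.0/24 and the device's LAN address 10.0.0.5 are constructed for illustration; the virtual network and pool range are the ones given in the reply.

```python
import ipaddress as ip

def check_plan(mode, lan, pool_first, pool_last, virtual_net=None,
               rover_lan_ip=None, rover_virtual_ip=None):
    """Check a tunnel address plan; mode is "routing" or "bridging".

    Returns (problems, static_route). static_route is the
    (network, next_hop) entry the LAN router needs, or None.
    """
    problems = []
    lan = ip.ip_network(lan)
    first, last = ip.ip_address(pool_first), ip.ip_address(pool_last)
    if first > last:
        problems.append("pool range is reversed")
    if mode == "bridging":
        # Bridged clients must hold addresses valid on the local LAN.
        for a in (first, last):
            if a not in lan:
                problems.append(f"{a} is not on the local LAN {lan}")
        return problems, None
    vnet = ip.ip_network(virtual_net)
    rover_lan = ip.ip_address(rover_lan_ip)
    rover_virt = ip.ip_address(rover_virtual_ip)
    # Routed tunnels use a virtual network distinct from the local LAN.
    if vnet.overlaps(lan):
        problems.append(f"virtual network {vnet} overlaps local LAN {lan}")
    if rover_lan not in lan:
        problems.append(f"device LAN address {rover_lan} is not on {lan}")
    if rover_virt not in vnet:
        problems.append(f"tunnel end-point {rover_virt} is not in {vnet}")
    for a in (first, last):
        if a not in vnet or a in (vnet.network_address, vnet.broadcast_address):
            problems.append(f"{a} is not a usable host address in {vnet}")
    if first <= rover_virt <= last:
        problems.append("pool includes the device's own tunnel end-point")
    # The router must send the virtual network to the device's LAN address.
    route = None if problems else (str(vnet), str(rover_lan))
    return problems, route

if __name__ == "__main__":
    # Constructed local LAN values; virtual network and pool from the reply.
    print(check_plan("routing", "10.0.0.0/24", "192.168.1.2", "192.168.1.254",
                     "192.168.1.0/255.255.255.0", "10.0.0.5", "192.168.1.1"))
```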
