Tunneling in Ubuntu

Werner Schram wrschram at gmail.com
Mon Mar 1 16:45:09 UTC 2010 


2010/2/28 Nazeem نجم لدين <nazeemnss at gmail.com>:
> hi,
>
> sorry for the previous mail. The tunnel as such definitely works for UDP or
> RTP in the same way. So no problem.
>
> But user space multicast routing daemon (pimd) seems to be configured a bit
> for this (I do not know the actual problem). When there a gateway which
> connects two subnets and we run pimd for routing ip-multicast, then when
> trying out ip-multicast using vlc, UDP does not work whereas RTP works. May
> be its the size of the stream that matters. Any suggestions.
>

Have you tried using tcpdump or wireshark to see how far the traffic is 
getting? If you install tcpdump, you can use:

sudo tcpdump -eni eth0 dst 239.1.1.1

Where 239.1.1.1 should be replaced with the multicast address you are 
using, and eth0 should be replaced with the network interface that you 
want to check. You can check at every interface in your network, but 
most interesting are the incomming and outgoing interface of your pimd 
host. The actual output of tcpdump is not particulary interresting, it 
is just to check if the traffic reaches an network interface or not. If 
you are using windows hosts, you can use a package called windump that 
does the same.

Werner


> -Nazeem
>
> 2010/2/27 Nazeem نجم لدين <nazeemnss at gmail.com>
>>
>> hi,
>>  I said in my previous mail that ip-multicast worked by setting up a
>> tunnel.
>> I check this by sending multicast traffic using vlc using RTP for audio
>> and video on separate ports. But when I tried the UDP option in vlc, in
>> which both audio and video are transmitted through the same port, it did not
>> work (ip-multicast as not forwarded).
>> Can you please help me with this problem?
>> -Nazeem
>>
>> 2010/2/12 Nazeem نجم لدين <nazeemnss at gmail.com>
>>>
>>> Hi,
>>>
>>> I configured once again and now it works!
>>> The problem was that I had not copied the keys from server to the client.
>>> If there is any other problem, I shall inform you.
>>>
>>> Thanks,
>>> Nazeem
>>>
>>>
>>> 2010/2/10 Ian Coetzee <ubuntu at iancoetzee.za.net>
>>>>
>>>> On Wed, Feb 10, 2010 at 8:48 AM, Nazeem نجم لدين <nazeemnss at gmail.com>
>>>> wrote:
>>>> > hi,
>>>> >
>>>> > I tried the openvpn idea. I was able to setp openvpn on both server
>>>> > and
>>>> > client side. But I was neither able to ping to the other subnet nor
>>>> > send
>>>> > ip-multicast.
>>>> >
>>>> > I followed https://help.ubuntu.com/community/OpenVPN for the setup
>>>> >
>>>> >
>>>> > The output of route -n on server:
>>>> >
>>>> > ernel IP routing table
>>>> > Destination     Gateway         Genmask         Flags Metric Ref
>>>> > Use
>>>> > Iface
>>>> > 10.129.0.0      0.0.0.0         255.255.0.0     U     0      0
>>>> > 0 br0
>>>> > 169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0
>>>> > 0 br0
>>>> > 0.0.0.0         10.129.1.250    0.0.0.0         UG    100    0
>>>> > 0 br0
>>>> >
>>>> > So I think the route for the packets is the bridge.
>>>> >
>>>> > Can you please tell me what I am missing. I did not use 2 NIC's on
>>>> > either
>>>> > client or server. Do I have to use them?
>>>>
>>>> Hi Nazeem
>>>>
>>>> Can you pastebin your server and client configs, with all the comments
>>>> removed?
>>>>
>>>> Did you forward the relevant ports on your routers?
>>>>
>>>> Can you see that their is an established openvpn connection?
>>>>
>>>> Can you ping the OpenVPN server from the client and vise-versa?
>>>>
>>>> Regards
>>>> Ian
>>>>
>>>> >
>>>> >
>>>> > Nazeem
>>>> >
>>>> >
>>>> > On Thu, Feb 4, 2010 at 6:57 AM, NoOp <glgxg at sbcglobal.net> wrote:
>>>> >>
>>>> >> On 02/03/2010 02:21 PM, Smoot Carl-Mitchell wrote:
>>>> >> > On Wed, 2010-02-03 at 22:40 +0100, Werner Schram wrote:
>>>> >> >>
>>>> >> >> On Wed, Feb 3, 2010 at 7:02 AM, Nazeem نجم لدين
>>>> >> >> <nazeemnss at gmail.com>
>>>> >> >> wrote:
>>>> >> >> >
>>>> >> >> > hi,
>>>> >> >> > Can you suggest way of getting a multicast tunnel work. The
>>>> >> >> > assumption is
>>>> >> >> > that there is a unicast cloud in between two mbone networks. So
>>>> >> >> > we
>>>> >> >> > need to
>>>> >> >> > forward the multicast traffic over the unicast tunnel.
>>>> >> >> > Application is
>>>> >> >> > for
>>>> >> >> > video transmission.
>>>> >> >> > -Nazeem
>>>> >> >> >
>>>> >> >>
>>>> >> >> I think you should be able to do it with openvpn. Using the tap
>>>> >> >> setup,
>>>> >> >> you can create a OSI layer 2 tunnel, which should be able to
>>>> >> >> handle
>>>> >> >> ip-multicast. You then need to update the routing tables in both
>>>> >> >> networks to send multicast traffic to the tunnel in stead of the
>>>> >> >> router.
>>>> >> >> If you fully thrust the connection between the two networks, you
>>>> >> >> could
>>>> >> >> disable openvpn's encryption for better performance.
>>>> >> >
>>>> >> > You can also do this with SSH which I find simpler than openvpn to
>>>> >> > configure (although I have done both).  Check out the -w argument
>>>> >> > to SSH
>>>> >> > and the 'Tunnel' configuration parameter.  Tunnel lets you do
>>>> >> > either
>>>> >> > layer 3 (point-to-point) or layer 2 (ethernet).  You do incur the
>>>> >> > encryption overhead, but I would not run a VPN connection over the
>>>> >> > Internet unencrypted.
>>>> >> >
>>>> >> >
>>>> >>
>>>> >> Or, buy and use routers on each end that do the vpn encryption in
>>>> >> hardware. I typically avoid software vpn solutions (except for
>>>> >> roaming
>>>> >> clients) for commercial/semi-commercial/private vpn networks. In the
>>>> >> past I've used (and still do) Linksys/Cisco BEFVP41 routers on each
>>>> >> end.
>>>> >>
>>>> >> I'm sure that there are now more modern models that can do this as
>>>> >> well,
>>>> >> but the BEFVP41's (model 2/2.1) have been quite trustworthy. Setup is
>>>> >> simple, the encryption takes place in the hardware so it's fast and
>>>> >> doesn't require client software on each side of a direct connect, and
>>>> >> both sides can be set up to autoconnect & use keepalive to stay up
>>>> >> even
>>>> >> with non-static ip addresses (I use dyndns.org for my non-commercial
>>>> >> dsl
>>>> >> connections).
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >> --
>>>> >> ubuntu-users mailing list
>>>> >> ubuntu-users at lists.ubuntu.com
>>>> >> Modify settings or unsubscribe at:
>>>> >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > ubuntu-users mailing list
>>>> > ubuntu-users at lists.ubuntu.com
>>>> > Modify settings or unsubscribe at:
>>>> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>>> >
>>>> >
>>>>
>>>> --
>>>> ubuntu-users mailing list
>>>> ubuntu-users at lists.ubuntu.com
>>>> Modify settings or unsubscribe at:
>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>>
>>>
>>>
>>> --
>>> لا اله الا الله محمد رسول الله
>>
>>
>>
>> --
>> لا اله الا الله محمد رسول الله
>
>
>
> --
> لا اله الا الله محمد رسول الله
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>

More information about the ubuntu-users mailing list