Vpn-Based ip Tunnel multi-to-one mode for redirection (case studies)

This article is also a real case. You can only display some of the real ip addresses. Sorry --~

The demand for leader is always endless; what he wants, you need to find a way to achieve 650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/00594B501-0.gif "/>

Just a few days ago, the domestic machine vpn jumped to the foreign machine route delivery; today, a sudden whim, change the solution; if the last time is to save costs, then this solution is more cost-effective; try it out. Test it.

The topology is as follows:

It is clear that three servers in China are redirected to one machine outside China. The three ip addresses on the machines outside China can be directly connected. How much is the cost saved?

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/0059464454-1.jpg "title =" 2.jpg"/>

Assign an ip address first. Here, we use the pptp service as an example. First, each machine can be dialed separately. It is very simple. refer to the previous article.

I am here to give you an instance of my other computer)

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/0059464F1-2.jpg "title =" a.jpg "/>

The following are ip Address allocation information;

China

Server1:
Eth0: 58.247.a.a local ip address)
Ethn: 10.0.0.1 tunnel virtual network card)
Pptpd: The intranet ip address assigned to the user by 172.16.0.0/24)
Server2:
Eth0: 61.152. B. B
Ethm: 255.0.0.1
Pptpd: 172.16.2.0/24
Server3:
Eth0: 112.65.c.c
Ethp: 30.0.0.1
Pptpd: 172.16.3.0/24
Overseas server:
Eth0: 61.219.d.d/61.219.e.e/61.219.f.f
Ethn: 10.0.0.2
Ethm: 255.0.0.2
Ethp: 30.0.0.2
Pptpd: 172.16.10.0/24 172.16.11.0/24 172.16.12.0/24

Let's show you pptpd. conf.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/0059461910-3.jpg "title =" B .jpg "/>

The configuration is started below;

Server1:

1. vim/etc/ipip. sh

#!/bin/ship tunnel del ethnip tunnel add ethn mode ipip local 58.247.a.a remote 61.219.d.difconfig ethn 10.0.0.1route add -host 10.0.0.2 dev ethnecho 1 > /proc/sys/net/ipv4/ip_forwardip rule add from 172.16.0.0/16 table ipip pref 1700ip route add default dev ethn table ipip

2. chmod + x/etc/ipip. sh
3. vim/etc/iproute2/rt_tables

240 ipip # New

4. vim/etc/rc. local

/Etc/ipip. sh # Add an ip Tunnel

Server2:

1. vim/etc/ipip. sh

#!/bin/ship tunnel del ethmip tunnel add ethm mode ipip local 61.152.b.b remote 61.219.e.eifconfig ethm 20.0.0.1route add -host 20.0.0.2 dev ethmecho 1 > /proc/sys/net/ipv4/ip_forwardip rule add from 172.16.0.0/16 table ipip pref 1700ip route add default dev ethm table ipip

2. chmod + x/etc/ipip. sh
3. vim/etc/iproute2/rt_tables

240 ipip # New

4. vim/etc/rc. local

/Etc/ipip. sh # Add an ip Tunnel

Server3:

1. vim/etc/ipip. sh

#!/bin/ship tunnel del ethpip tunnel add ethp mode ipip local 112.65.c.c remote 61.219.f.fifconfig ethp 30.0.0.1route add -host 30.0.0.2 dev ethpecho 1 > /proc/sys/net/ipv4/ip_forwardip rule add from 172.16.0.0/16 table ipip pref 1700ip route add default dev ethp table ipip

2. chmod + x/etc/ipip. sh
3. vim/etc/iproute2/rt_tables

240 ipip # New

4. vim/etc/rc. local

/Etc/ipip. sh # Add an ip Tunnel

Below is the configuration on overseas servers

ip tunnel del ethnip tunnel add ethn mode ipip local 61.219.d.d remote 180.153.a.aifconfig ethn 10.0.0.2route add -host 10.0.0.1 dev ethnip tunnel del ethmip tunnel add ethm mode ipip local 61.219.e.e remote 61.152.b.bifconfig ethm 20.0.0.2route add -host 20.0.0.1 dev ethmip tunnel del ethpip tunnel add ethp mode ipip local 61.219.f.f remote 112.65.c.cifconfig ethp 30.0.0.2route add -host 30.0.0.1 dev ethpecho 1 > /proc/sys/net/ipv4/ip_forwardroute add -net 172.16.0.0/24 dev ethnroute add -net 172.16.2.0/24 dev ethmroute add -net 172.16.3.0/24 dev ethpiptables -t nat -A POSTROUTING -o eth0 -s 172.16.0.0/24 -j SNAT --to-source 61.219.d.diptables -t nat -A POSTROUTING -o eth0 -s 172.16.2.0/24 -j SNAT --to-source 61.219.e.eiptables -t nat -A POSTROUTING -o eth0 -s 172.16.3.0/24 -j SNAT --to-source 61.219.f.fiptables -t nat -A POSTROUTING -o eth0 -s 172.16.10.0/24 -j SNAT --to-source 61.219.d.diptables -t nat -A POSTROUTING -o eth0 -s 172.16.11.0/24 -j SNAT --to-source 61.219.e.eiptables -t nat -A POSTROUTING -o eth0 -s 172.16.12.0/24 -j SNAT --to-source 61.219.f.f

After all tests, we achieved the desired effect: the first three dialup, the external ip address is an overseas ip address, and the next one is also an overseas ip address;

This article is from the Coffee _ Blue Mountains blog, please be sure to keep this source http://lansgg.blog.51cto.com/5675165/1231113