Frame errors with Cipe-Win32|
Ville Voipio <vvoipio,AT,cc,DOT,hut,DOT,fi>|
Fri, 3 Nov 2000 01:30:09 +0100|
I have been trying to set up a Cipe-based tunnel between a Windows NT
machine and a Linux box. The network is as follows:
dynamic address <-> 10.43.103.129
So, the other end (Linux box) has a fixed address. My end does not
necessarily have a fixed public address as the ISP may change the way it
maps the 10.x.x.x addresses to public addresses. However, there is no NAT
in between, and all ports should be open.
Pings go fine into both directions (without Cipe). With Cipe tunnel is
The Linux box seems to work fine, as we were able to set up a similar
system with another Linux in the other end with the same addresses and
ports. Cipe worked without slightest problems.
This is how I have configured the CIPE1/(Untitled) adapter at the NT
Local IP: 0.0.0.0 : 1234
Peer IP: 188.8.131.52 : 1234
Local PTP IP: 192.168.101.226 mask 255.255.255.252 (from control panel)
Peer PTP IP: 192.168.101.225
Static key: <128 bits of random noise>
The Linux options file looks like:
key <same 128 bits of random noise>
The NT routing table is as follows [Metrics removed for readability]:
0x1 ........................... MS TCP Loopback interface
0x2 ...08 00 58 00 00 01 ...... DKW Heavy Industries VPN Adapter
0x3 ...00 a0 24 43 89 3a ...... ELNK3 Ethernet Adapter
Network Destination Netmask Gateway Interface
0.0.0.0 0.0.0.0 10.103.43.129 10.103.43.130
10.103.43.128 255.255.255.248 10.103.43.130 10.103.43.130
10.103.43.130 255.255.255.255 127.0.0.1 127.0.0.1
10.255.255.255 255.255.255.255 10.103.43.130 10.103.43.130
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
192.168.101.224 255.255.255.252 192.168.101.226 192.168.101.226
192.168.101.226 255.255.255.255 127.0.0.1 127.0.0.1
192.168.101.255 255.255.255.255 192.168.101.226 192.168.101.226
184.108.40.206 220.127.116.11 10.103.43.130 10.103.43.130
18.104.22.168 22.214.171.124 192.168.101.226 192.168.101.226
255.255.255.255 255.255.255.255 192.168.101.226 192.168.101.226
This shouldn't be awfully wrong. The traffic to 192.168.101.224/30 is
routed through the DKW Heavy Industries' interface. (This seems to be a
bit different from that on Linux, as there the gw should be the _other_
end). There is still one thing I do not get, and it is the route to the
broadcast address 192.168.101.255, which is out of netmask range!
Anyway, I can ping myself, i.e. pinging 192.168.101.226 gives an answer.
Pinging 192.168.101.225 results in timeout. The Linux machine's Cipe
daemon does not report any activity (kx or anything else), so the tunnel
is not up.
However, something does happen. When I monitor the traffic at the Linux
end with tcpdump, there are UDP packets coming from my NT machine to the
Linux machine to the right port. These packets are somehow ignored, and
ifconfig reports an ever increasing FRAME (error) count (it icreases
steadily by some ten packets each ten minutes or so).
Any ideas what might be going on? Yes, I'd love to use tcpdump on my NT
machine, but unfortunately Bill G. hasn't included it. And, yes, I'd love
to switch on some sort of debugging on the NT side, but I do not know how
to do that. (Yes, f*** the registry and give me decent configuration
Some version information:
Linux Box: RH 6.1, Cipe 1.4.3
NT machine: Win NT 4 WS, SP6a (128-bit), Cipe-Win32 beta 11 (1 Sep 00)
Any idea what might be wrong? Have I made some stupid mistake in the
routing, or something?
Thank you very much for any constructive input!