<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Frame errors with Cipe-Win32
From: "Damion K. Wilson" <dkw,AT,rcm,DOT,bm>
Date: Sat, 4 Nov 2000 00:12:48 +0100
In-reply-to: <Pine.OSF.4.10.10011040001440.9505-100000@kosh.hut.fi>

Thanks. This situation is interesting, to say the least. I'm running SP5
everywhere without 128bit encryption (outside U.S., you see). All your
settings look fine to me, too.

The driver will not spit out per packet debug info, only key exchange
events. It may alert you to a decryption failure, though, which is what
it's sounding like. Try changing the static key to some other value, just
in case there's a bug in my code there. I don't think there's a routing
issue here because the packets reach the interfaces on both sides, in both
directions.

BTW: Cipe-Win32 Beta 12 (should I start calling it PRE-whatever ?) is
looking pretty good...

DKW

*********** REPLY SEPARATOR  ***********

On 11/4/00 at 12:04 AM Ville Voipio wrote:

>Damion,
>
>Thank you for your quick reply.
>
>> There is a known "issue" between Cipe-Win32 and Cipe 1.4.x. I don't know
>> what happened, but I think that a field changed position in the UDP
frame.
>> It's only been reported to me 10 days or so ago. I don't have a Cipe
1.4.3
>> box setup and I'm currently rewriting Cipe-Win32. If you use Cipe 1.3.x,
>> everything will work fine.
>
>In case you are referring to Chris's Problem [Re: Cipe for Windows], there
>are certain differences. In my case the Linux box does not answer
>anything. It does not even try to exchange keys. If you need broken UDP
>frames, I have some on my hard disk as hex dumps. I can send them along
>with the key, if it is of any help!
>
>Anyway, we tried the 1.3.0 version for Linux. It does not work either, but
>the symptoms are different, almost promising:
>
>- Key exchange goes nicely without any problems.
>- Tunnel seems to be up
>- Cannot ping either way through the tunnel
>
>If I ping the NT machine (from the Linux box), an icmp-echo-request is
>sent from the cipcb0 interface. A UDP packet is sent out from the ethernet
>connection. The answer never arrives. A lot of NetBios messages from the
>NT machine are received by the Linux box.
>
>If I ping the Linux box from the NT machine, the Linux box receives an
>icmp-echo-request and replies with an icmp-echo-reply. BUT, the NT machine
>never receives the reply.
>
>Pinging between the two computer works fine outside of Cipe.
>
>As far as I have understood, this little test implies:
>
>1. There is no "physical" obstacles between the computers, as the keys can
>be exchanged. Both computers can access each others' UDP ports.
>
>2. The NT machine is deaf, it does not receive anything from the Linux box
>over Cipe.
>
>---
>
>This looks like an internal problem in Windows NT (routing or something
>like that). It just popped into my mind that also Chris (who had problems
>with CIPE-1.4.3) seems to have Windows NT 4.0 Service Pack 6a with 128-bit
>encryption. Could it be that this specific SP level causes odd phenomena?
>
>I'll take a closer look at what the NT kernel driver thinks about all this
>as soon as I get DebugView installed.
>
>Thanks for your help!
>
>- Ville
>
>
>
>
>--
>Message sent by the cipe-l,AT,inka,DOT,de mailing list.
>Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
>Other commands available with "help" in body to the same address.
>CIPE info and list archive:
<URL:http://sites.inka.de/~bigred/devel/cipe.html>





<< | Thread Index | >> ]    [ << | Date Index | >> ]