<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Deaf CIPE-Win32
From: "Ville Voipio" <ville.voipio,AT,iki,DOT,fi>
Date: Sat, 11 Nov 2000 21:12:37 +0100

A while ago I complained about not getting communication between Cipe-Win32
and a Linux box. There was something wrong with the en/decryption, as all
packets from the Win-32 party ended up as frame errors in the Linux box.

I uninstalled the Win32 driver (version beta 11), and installed the new one
(2.0 beta). I got rid of the frame errors, now the Linux driver is
completely satisfied, packets are both RX'd and TX'd.

However, the Win-32 adapter remains completely deaf. I have tried with the
following configurations:

Win NT 4.0 SP 6, CIPE-Win32 beta 11
Win NT 4.0 SP 6, CIPE-Win32 v.2.0beta
Win 2000, CIPE-Win32 v.2.0beta
Win 2000 SP1, CIPE-Win32 beta 11
Win 2000 SP1, CIPE-Win32 v 2.0beta


RH 6.1 Linux + Cipe 1.4.3.

All these behave the same way: packets are transmitted from the Windows
machine to the Linux box. The Linux box receives these packets without
problems and routes them just fine. The Linux box transmits packets to the
Windows machine, as well, but they are never received.

If I ping a machine on the remote network from my Windows machine, the
following things happen:

- CIPE layer:
   * Windows machine sends an ICMP-ECHO-REQUEST
   * Linux box receives the request and forwards it into the local network
   * Linux box receives the ICMP-ECHO-REPLY from the local network and
     sends it over the VPN
   * Windows machine never receives the response

- IP layer (ethernet):
   * Windows machine sends a UDP packet to the Linux box [encrypted
   * Linux box receives this packet
   * Linux box sends a UDP packet to the Windows machine [encrypted
   * Windows machine receives this packet

This information has been gathered with tcpdump in Linux and WinDump in
WinNT/2000. So, it seems that all physical packets find their way, and the
keys are exchanged, as the connection can be used to transfer encrypted data


What is going on? the W2k was installed with all default settings onto a
clean harddisk to ensure intact operating system. The configuration in the
Linux box seems to be as it should be. This has been verified by using
another Linux box as a peer.

In case this were some stupid routing problem, here is my routing table:

Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...08 00 58 00 00 01 ...... DKW Heavy Industries VPN Adapter.
0x3 ...00 a0 24 43 89 3a ...... ELNK3 Ethernet Adapter
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
   1   1   1   1   1   1   1   1   1   1   1   1

If I ping e.g. (a WinNT machine at work), the ping goes
there, and the machine responds as expected. A clip from tcpdump at the
Linux box:

21:37:03.800007 < > icmp: echo request
21:37:03.800371 > > icmp: echo reply

But the ping never comes back.


I have run out of good (and most bad) ideas. So, if there is a stupid
mistake, please tell me so that I can go to the corner and bang my head to
the wall ;)

Best regards,

- Ville

<< | Thread Index | >> ]    [ << | Date Index | >> ]