<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Cipe can't connect arp-error?maybe? look at bottom of message
From: Nick <daye149,AT,pacbell,DOT,net>
Date: Fri, 23 Mar 2001 18:41:43 +0100

Do I need to add anything more than this to my routing tables or is ARP 
problematic?????

SETUP AS FOLLOWS:  DSL to DSL  (both static)

|| Network A

eth0=62.xxx.xxx.2
eth1=192.168.1.1
dhcp=192.168.1.0/24 from 192.168.1.100 to 192.168.1.200
servers in network are static...

so for host a I entered:
ciped-cb me=62.xxx.xxx.2:6789 peer=64.xxx.xxx.129:6543 
ipaddr=192.168.254.2 ?ptpaddr=192.168.254.1

Host A ROUTING TABLE
Destination ? ? Gateway ? ? ? ? Genmask ? ? ? ? Flags Metric Ref ? ?Use Iface
255.255.255.255 * ? ? ? ? ? ? ? 255.255.255.255 UH ? ?0 ? ? ?0 ? ? ? ?0 eth1
192.168.254.1 ? * ? ? ? ? ? ? ? 255.255.255.255 UH ? ?0 ? ? ?0 ? ? ? ?0 cipcb0
64.xxx.xxx.85 ? * ? ? ? ? ? ? ? 255.255.255.255 UH ? ?0 ? ? ?0 ? ? ? ?0 eth0
localnet ? ? ? ?* ? ? ? ? ? ? ? 255.255.255.248 U ? ? 0 ? ? ?0 ? ? ? ?0 eth0
192.168.0.0     192.168.254.1   255.255.255.0   UG    0      0        0 cipcb0
192.168.1.0 ? ? * ? ? ? ? ? ? ? 255.255.255.0 ? U ? ? 0 ? ? ?0 ? ? ? ?0 eth1
default ? ? ? ? adsl-63-200-24- 0.0.0.0 ? ? ? ? UG ? ?0 ? ? ?0 ? ? ? ?0 eth0

|| Network B
eth0=64.xxx.xxx.129
eth1=192.168.0.1
servers in network static...
dhcp=192.168.0.1/24 from 192.168.0.100 to 192.168.0.120

for host b:
ciped-cb me=64.xxx.xxx.129:6543 peer=62.xxx.xxx.2:6789 ipaddr=192.168.254.1
ptpaddr=192.168.254.2

Host B ROUTING TABLES
255.255.255.255 * ? ? ? ? ? ? ? 255.255.255.255 UH ? ?0 ? ? ?0 ? ? ? ?0 eth1
192.168.254.2 ? * ? ? ? ? ? ? ? 255.255.255.255 UH ? ?0 ? ? ?0 ? ? ? ?0 cipcb0
adsl-63-200-24- * ? ? ? ? ? ? ? 255.255.255.255 UH ? ?0 ? ? ?0 ? ? ? ?0 eth0
localnet ? ? ? ?* ? ? ? ? ? ? ? 255.255.255.0 ? U ? ? 0 ? ? ?0 ? ? ? ?0 eth0
192.168.1.0     192.168.254.2   255.255.255.0   UG    0      0        0 cipcb0
192.168.0.0 ? ? * ? ? ? ? ? ? ? 255.255.255.0 ? U ? ? 0 ? ? ?0 ? ? ? ?0 eth1
default ? ? ? ? 64.165.242.1 ? ?0.0.0.0 ? ? ? ? UG ? ?0 ? ? ?0 ? ? ? ?0 eth0

I am getting both cipcb0 interfaces w/ the respectivity pptp and me ip's

Host A
cipcb0 ? ?Link encap:IPIP Tunnel ?HWaddr
? ? ? ? ? inet addr:192.168.254.2 ?P-t-P:192.168.254.1 ?Mask:255.255.255.255
? ? ? ? ? UP POINTOPOINT RUNNING NOARP ?MTU:1442 ?Metric:1
? ? ? ? ? RX packets:0 errors:0 dropped:0 overruns:0 frame:0
? ? ? ? ? TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
? ? ? ? ? collisions:0 txqueuelen:100
? ? ? ? ? RX bytes:0 (0.0 b) ?TX bytes:0 (0.0 b)

Host B
cipcb0 ? ?Link encap:IPIP Tunnel ?HWaddr
? ? ? ? ? inet addr:192.168.254.1 ?P-t-P:192.168.254.2 ?Mask:255.255.255.255
? ? ? ? ? UP POINTOPOINT RUNNING NOARP ?MTU:1442 ?Metric:1
? ? ? ? ? RX packets:0 errors:0 dropped:0 overruns:0 frame:0
? ? ? ? ? TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
? ? ? ? ? collisions:0 txqueuelen:100
? ? ? ? ? RX bytes:0 (0.0 b) ?TX bytes:0 (0.0 b)

Added this line on both firewalls:
ipchains -A FORWARD -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT

I still can't seem to ping through tunnel though.......I have masq. clearly 
setup not that that matters. Can't ping from cipe host to host

can't do ping 192.168.254.1 or 192.168.254.2 remotely.  Addresses do work 
locally (loopback)

on both machines ip-forward is enabled.

ipchains looks like this:

Host A
Chain input (policy ACCEPT)
Chain forward (policy DENY):
target ? ? prot opt ? ? source ? ? ? ? ? ? ? ?destination ? ? ? ? ? ports
MASQ ? ? ? all ?------ ?192.168.1.0/24 ? ? ? anywhere ? ? ? ? ? ? ?n/a
ACCEPT ? ? all ?------ ?192.168.0.0/16 ? ? ? 192.168.0.0/16 ? ? ? ?n/a
Chain output (policy ACCEPT)

Host B
Chain input (policy ACCEPT)
Chain forward (policy DENY):
target ? ? prot opt ? ? source ? ? ? ? ? ? ? ?destination ? ? ? ? ? ports
MASQ ? ? ? all ?------ ?192.168.0.0/24 ? ? ? anywhere ? ? ? ? ? ? ?n/a
ACCEPT ? ? all ?------ ?192.168.0.0/16 ? ? ? 192.168.0.0/16 ? ? ? ?n/a
Chain output (policy ACCEPT)

Here is my tcpdump from both sides, One looks off!!

Host A
09:06:09.353881 arp who-has 64.xxx.xxx.85 tell deamon.pacbell.net
PROBLEM HERE MAYBE?????????????

Host B
13:04:34.242994 blackbox.dslextreme.com.9999 > 
adsl-63-xxx-xxx-2.dsl.lsan03.pacbell.net.9999: udp 120

I Think that Host A is having a problem finding the connection to Host B
Why would it make a ARP query if it is possible to reach it through the IP 
address

Do I need fully-qualified domain names????

HOST A and B DMESG
Mar 23 09:03:04 deamon kernel: cipcb0: cipe_sendmsg
Mar 23 09:03:04 deamon kernel: cipcb0: setkey
Mar 23 09:03:04 deamon kernel: cipcb0: cipe_recvmsg
Mar 23 09:03:15 deamon kernel: cipcb0: cipe_sendmsg
Mar 23 09:03:15 deamon kernel: cipcb0: setkey
Mar 23 09:03:15 deamon kernel: cipcb0: cipe_recvmsg

It is supposed to keep sending the key??? 

stored in /etc/cipe/options

Not sure how to resolve this problem, or maybe I have something 
misconfigured......still trying to connect the tunnels.
Help if u can

see ya

Nick





<< | Thread Index | >> ]    [ << | Date Index | >> ]