A few days ago, I wrote the message below. I got one response, but
no real answers to the questions:
1) how can I get CIPE to log more verbosely, and tell me
   what's failing? The only log messages I'm getting

       bringing up interface cipcb0: succeeded

   the last three lines repeat when I try to ping the
   opposite end of the point-to-point.
This is cipe 1.4.5 by the way.
ANY suggestions on how to debug this will be appreciated.
> Hi All,
> I'm trying to set up a CIPE VPN between two sites. Each site is
> running a firewall already (3COM on one side, Linux on the other).
> Each site is running NAT, and the internal nets where the two VPN
> boxes reside each have a non-routable address (10.10.x.x and
> 192.168.x.x). I have set the firewalls to pass UDP port 9000 (chosen
> arbitrarily) to/from the corresponding partners.
> It is not working, though I'm not getting any useful information
> in the logs to help debug either. So, several questions:
> 1) does the NAT translation "get in the way"?
> 2) how can I find out how it's failing?
> 3) is there a way to get more debug info in the logs?
> It's set up basically as follows:
>
> Site A: Firewall Real IP is 128.x.x.3
>         VPN Real IP is 10.10.15.249
>         FW has a port forward rule from
>             128.x.x.3:9000 -> 10.10.15.249:9000
>         VPN peer is 140.x.x.37
>         VPN PTPADDR is 192.168.254.1
>         VPN IPADDR is 192.168.254.2
>
> Site B: Firewall Real IP is 140.x.x.37
>         VPN Real IP is 192.168.41.10
>         VPN PTPADDR is 192.168.254.2
>         VPN IPADDR is 192.168.254.1
>         Site B's firewall maps 140.x.x.37 -> 192.168.41.10
>
> Any suggestions on what I may be doing wrong, or what settings need
> to be checked, etc. would be appreciated. I bring up CIPE on
> both ends (these are RH 7.1 boxes, btw) and they "succeed".
> I then try pinging 192.168.254.x (where x is 1 or 2). Pinging
> the local end works, the far end fails.
> I realize I'm gonna have some routing to figure out once this
> part works. But for now, I just want these two boxes to work.
> As far as I can determine using netcat, port 9000 between the two
> sites *IS* passing packets correctly.