Subject: Re: CIPE on WinNT behind Linux Firewall ...
From: Gert.Vandelaer,AT,medisearch-int,DOT,com
Date: Wed, 25 Jul 2001 13:52:50 +0200

Hya all,

here's the update on this monster.
I've done some serious testing, gotten some minor results methinks.

"WinNT A":
    CIPE Settings  Local IP   = 192.168.0.1 / 9000
                   Peer IP    = 10.10.10.1 / 9000
                   Local PTP  = 192.168.0.2
                   Peer PTP   = 192.168.0.145
    IP Config      NT 3COM    = 192.168.0.1
                   CIPE VPN   = 192.168.0.2
                   Default gw = 192.168.0.145 (Linux MASQ)

"Linux 2.4.7":
    IPTABLES       MASQ all that comes from "Win NT A"
                   DNAT all UDP 9000 requests to "Win NT A"
    IP Config      eth0 = 192.168.0.145
                   eth1 = 10.10.10.145

"Win NT B":
    CIPE Settings  Local IP   = 10.10.10.1 / 9000
                   Peer IP    = 10.10.10.145 / 9000
                   Local PTP  = 10.10.10.2
                   Peer PTP   = 10.10.10.145 (??? This is a complete shot in
                                the dark ... well, not this alone actually ;-))
    IP Config      3COM       = 10.10.10.1 (default gw = 10.10.10.2 --> maybe
                                this is wrong, but it seemed logical to me,
                                please someone explain why wrong / right)
                   CIPE VPN   = 10.10.10.2

This is of course a test network I set up with a small hub ... if I can get
this to work, it shouldn't be much of a problem to integrate this with DSL
routers over the actual network.

Now when I start both CIPE services up (has to be manually b.t.w.) I see on
my "Linux" box, with tcpdump, traffic going back and forth between the 2
Win NT boxes, so I think the routing on the "Linux box" is correctly set
up. All is masq'ed from the 192.168.0.1 to 10.10.10.1, and in the other
direction all UDP:9000 from 10.10.10.1 is forwarded to 192.168.0.1.
I can do everything from the MASQ'ed "Win NT A" box (nbtstat ...).

I am however certain that there is something very wrong with the NT
routing, perhaps someone can give me some clues.

I would also like to know how I can actually "see" / "test" if the CIPE VPN
is active (except of course via tcpdump) ...
I've used lmhosts.sam files to map the Netbios names ... I can't do
nbtstat, because it times out?

Should I for example be able to ping from "Win NT B" to "Win NT A" via this
CIPE tunnel ...
How do I tell NT to tunnel packets coming from a 10.10.10.0 network with
destination 10.10.10.145 (because it's this machine that'll forward the
packets to another network ...)
Is this at all possible ...
I think this is the main problem ...

Are my CIPE settings correct b.t.w. ? :-)))

Well,
sorry for the huge load of reading,
but it's better to write 1 long post, than 10 corrections, and extra
explanation.

Any advice / comments much appreciated

Cya,
Gert

From: ewheeler@kaico.com
Sent by: owner-cipe-l@inka.de
Date: 25/07/2001 07:19 AM
To: Gert.Vandelaer,AT,medisearch-int,DOT,com
cc: cipe-l,AT,inka,DOT,de
Subject: Re: CIPE on WinNT behind Linux Firewall ...

Gert --
The only one I know of is that you can't use the neato 'pkcipe' util to
connect them. My only NT linking experience is w/ w2k and I never got it
to work. Keep us posted as to what you find! I'd be rather interested!
--Eric
On Tue, 24 Jul 2001 Gert.Vandelaer,AT,medisearch-int,DOT,com wrote:
> Hello all,
>
> Don't be scared by the subject ... take a deep breath ..
> that's right ... now read it again ...
>
> Indeed, I'm asking a question about CIPE on NT,
> the readme that came with the package was sort of short.
> I read through the CIPE faq's, some info about file sharing was there ...
>
> But I just wonder,
> is there anyone here who has ever actually used CIPE on NT.
>
> I'm planning on running the CIPE server behind a 2.4.x firewall,
> much easier than IpSec, because of the udp tunnel ...
> so that 'll all work fine ...
>
> I just wondered if there is anything I have to look out for on NT.
>
> Some configuration hints would also be much appreciated,
> because I'm not used to this NT click stuff ...
>
> "Why on NT ?" you ask ... well that's ez ... because the CIPE client is
> going to be in another country,
> where there is no Linux support ... so, there you have it ..
>
> This is the setup ...
>
> Win NT A / CIPE Client ---- DSL Router A ---- Internet ---- DSL Router B ---- Linux Firewall B (Fixed IP / DNAT) ----- Win NT B / CIPE Server (LAN IP)
>
> Any caveats I should look out for ?
>
> Thnx
>
> Cya,
> Gert
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>
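
An added example, not part of the original thread and not CIPE code: a Python check of the address plan posted in the update above, run against the posted values and against a constructed alternative. It assumes /24 netmasks (the post gives none) and the usual point-to-point rule that one end's peer PTP address is the other end's local PTP address; `check_plan`, the dictionary keys and the 172.16.0.x addresses are hypothetical.

```python
import ipaddress

PREFIX = 24  # assumption: the post gives no netmasks

# Settings as posted. "me"/"peer" are the UDP carrier endpoints,
# "local_ptp"/"peer_ptp" the addresses on the tunnel itself.
POSTED = {
    "Win NT A": {"nic": "192.168.0.1", "me": "192.168.0.1:9000", "peer": "10.10.10.1:9000",
                 "local_ptp": "192.168.0.2", "peer_ptp": "192.168.0.145"},
    "Win NT B": {"nic": "10.10.10.1", "me": "10.10.10.1:9000", "peer": "10.10.10.145:9000",
                 "local_ptp": "10.10.10.2", "peer_ptp": "10.10.10.145"},
}
# Constructed alternative: same carrier, tunnel addresses mirrored and taken
# from a range (172.16.0.0/24, chosen for illustration) used on neither LAN.
MIRRORED = {
    "Win NT A": dict(POSTED["Win NT A"], local_ptp="172.16.0.1", peer_ptp="172.16.0.2"),
    "Win NT B": dict(POSTED["Win NT B"], local_ptp="172.16.0.2", peer_ptp="172.16.0.1"),
}
# Linux box as described: MASQ for Win NT A, DNAT of UDP 9000 to Win NT A.
NAT = {"outside": "10.10.10.145", "port": 9000}

def check_plan(ends, nat, prefix=PREFIX):
    """Return findings for a two-ended plan whose first end sits behind the NAT box."""
    (name_a, a), (name_b, b) = ends.items()
    findings = []
    # 1. Point-to-point: each end's peer PTP must be the other end's local PTP.
    for n1, e1, n2, e2 in ((name_a, a, name_b, b), (name_b, b, name_a, a)):
        if e1["peer_ptp"] != e2["local_ptp"]:
            findings.append(f"ptp-mismatch: {n1} peer PTP {e1['peer_ptp']} "
                            f"but {n2} local PTP is {e2['local_ptp']}")
    # 2. A tunnel address inside the NIC's subnet competes with the LAN route.
    for name, e in ends.items():
        lan = ipaddress.ip_network(f"{e['nic']}/{prefix}", strict=False)
        for key in ("local_ptp", "peer_ptp"):
            if ipaddress.ip_address(e[key]) in lan:
                findings.append(f"ptp-on-lan: {name} {key} {e[key]} lies in {lan}")
    # 3. Carrier: the outside end aims at the NAT box, the inside end at the real peer.
    if b["peer"] != f"{nat['outside']}:{nat['port']}":
        findings.append(f"carrier: {name_b} peer should be the DNAT address")
    if a["peer"] != b["me"]:
        findings.append(f"carrier: {name_a} peer should be {b['me']}")
    return findings

if __name__ == "__main__":
    for label, plan in (("posted", POSTED), ("mirrored", MIRRORED)):
        print(label, *(check_plan(plan, NAT) or ["no findings"]), sep="\n  ")
```
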