Subject: Re: CIPE on WinNT behind Linux Firewall ...
From: Gert.Vandelaer,AT,medisearch-int,DOT,com
Date: Wed, 25 Jul 2001 13:52:50 +0200

Hya all,

here's the update on this monster.
I've done some serious testing, gotten some minor results methinks.

"WinNT A" :    CIPE Settings  Local IP = 192.168.0.1 / 9000
                    Peer IP = 10.10.10.1 / 9000
                    Local PTP = 192.168.0.2
                    Peer PTP = 192.168.0.145

          IP Config NT   3COM = 192.168.0.1
                    CIPE VPN = 192.168.0.2
                    Default gw = 192.168.0.145 (Linux MASQ)

"Linux 2.4.7": IPTABLES  MASQ all that comes from "Win NT A"
                    DNAT all UDP 9000 requests to "Win NT A"

          IP Config eth0 = 192.168.0.145
                    eth1 = 10.10.10.145

"Win NT B" :   CIPE Settings  Local IP = 10.10.10.1 / 9000
                    Peer IP = 10.10.10.145 / 9000
                    Local PTP = 10.10.10.2
                    Peer PTP = 10.10.10.145 (??? This is a complete shot in
                    the dark ... well, not this alone actually ;-))

          IP Config 3COM = 10.10.10.1 (default gw = 10.10.10.2 --> maybe
                    this is wrong, but it seemed logical to me, please someone
                    explain why wrong / right)
                    CIPE VPN = 10.10.10.2

This is of course a test network I set up with a small hub ... if I can get
this to work, it shouldn't be much of a problem to integrate this with DSL
routers over the actual network.

Now when I start both CIPE services up (has to be manually b.t.w.) I see on
my "Linux" box, with tcpdump, traffic going back and forth between the 2
Win NT boxes, so I think the routing on the "Linux box" is correctly set
up.  All is masq'ed from the 192.168.0.1 to 10.10.10.1, and in the other
direction all UDP:9000 from 10.10.10.1 is forwarded to 192.168.0.1.
I can do everything from the MASQ'ed "Win NT A" box (nbtstat ...).

I am however certain that there is something very wrong with the NT
routing, perhaps someone can give me some clues,
I would also like to know how I can actually "see" / "test" if the CIPE VPN
is active (except of course via tcpdump) ...
I've used lmhosts.sam files to map the Netbios names ... I can't do
nbtstat, because it times out?

Should I for example be able to ping from "Win NT B" to "Win NT A" via this
CIPE tunnel ...
how do I tell NT to tunnel packets coming from a 10.10.10.0 network with
destination 10.10.10.145 (because it's this machine that'll forward the
packets to another network ...)
Is this at all possible ...
I think this is the main problem ...

Are my CIPE settings correct b.t.w. ? :-)))

Well,
sorry for the huge load of reading,
but it's better to write 1 long post, than 10 corrections, and extra
explanation.

Any advice / comments much appreciated

Cya,
Gert

From: ewheeler@kaico.com
Sent by: owner-cipe-l@inka.de
Date: 25/07/2001 07:19 AM
To: Gert.Vandelaer,AT,medisearch-int,DOT,com
cc: cipe-l,AT,inka,DOT,de
Subject: Re: CIPE on WinNT behind Linux Firewall ...

Gert --

 The only one I know of is that you can't use the neato 'pkcipe' util to
connect them.  My only NT linking experience is w/ w2k and I never got it
to work.  Keep us posted as to what you find!  I'd be rather interested!

--Eric

On Tue, 24 Jul 2001 Gert.Vandelaer,AT,medisearch-int,DOT,com wrote:

> Hello all,
>
> Don't be scared by the subject ... take a deep breath ..
> that's right ... now read it again ...
>
> Indeed, I'm asking a question about CIPE on NT,
> the readme that came with the package was sort of short.
> I read through the CIPE faq's, some info about file sharing was there ...
>
> But I just wonder,
> is there anyone here who has ever actually used CIPE on NT.
>
> I'm planning on running the CIPE server behind a 2.4.x firewall,
> much easier than IPsec, because of the udp tunnel ...
> so that 'll all work fine ...
>
> I just wondered if there is anything I have to look out for on NT.
>
> Some configuration hints would also be much appreciated,
> because I'm not used to this NT click stuff ...
>
> "Why on NT ?" you ask ... well that's ez ... because the CIPE client is
> going to be in another country,
> where there is no Linux support ... so, there you have it ..
>
> This is the setup ...
>
> Win NT A / CIPE Client ---- DSL Router A---- Internet ---- DSL Router B
> ---- Linux Firewall B (Fixed IP / DNAT) ----- Win NT B / CIPE Server (LAN
> IP)
>
> Any caveats I should look out for ?
>
> Thnx
>
> Cya,
> Gert
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>
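
The two jobs the Linux box has in the test network above (MASQ for "Win NT A", DNAT of UDP 9000 to it), written out as iptables rules. This is an added example, not the poster's actual rule set; the FORWARD rules assume a default-DROP FORWARD policy, and `cipe_rules` / `apply_cipe_rules` are names made up here.

```shell
#!/bin/sh
# Added example (not from the post): iptables rules for the "Linux 2.4.7" box.
# Addresses, port and interfaces are the post's; the exact rule set is an
# assumption about what "MASQ" and "DNAT" were configured as.
NT_A=192.168.0.1     # "WinNT A", CIPE endpoint on the eth0 side
OUT_IF=eth1          # 10.10.10.145, the side "Win NT B" sees
CIPE_PORT=9000       # UDP carrier port used by both CIPE peers

# Emit one iptables argument list per line so the rules can be reviewed
# before anything is changed on the firewall.
cipe_rules() {
    # Outbound: everything from NT A leaves eth1 with the firewall's address.
    echo "-t nat -A POSTROUTING -s $NT_A -o $OUT_IF -j MASQUERADE"
    # Inbound: only UDP/9000 arriving on eth1 is redirected to NT A.
    echo "-t nat -A PREROUTING -i $OUT_IF -p udp --dport $CIPE_PORT -j DNAT --to-destination $NT_A:$CIPE_PORT"
    # Filter table (assumed default-DROP FORWARD policy): admit the tunnel's
    # UDP flow, NT A's own outbound traffic, and replies to it. Nothing else
    # from the eth1 side reaches the inside network.
    echo "-A FORWARD -i $OUT_IF -d $NT_A -p udp --dport $CIPE_PORT -j ACCEPT"
    echo "-A FORWARD -s $NT_A -o $OUT_IF -j ACCEPT"
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Apply the rules (needs root). Stops at the first rule iptables rejects.
apply_cipe_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward   # routing between eth0 and eth1
    cipe_rules | while read -r rule; do
        # $rule is left unquoted on purpose so it splits into arguments.
        iptables $rule || exit 1
    done
}

# Default is a dry run that only prints the rules; pass "apply" to install.
case "${1:-print}" in
    apply) apply_cipe_rules ;;
    *)     cipe_rules ;;
esac
```

With these in place, `iptables -t nat -L -n -v` shows per-rule packet counters, so a DNAT counter that increases while the CIPE service on "Win NT B" is running confirms the tunnel's UDP packets are being translated.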