Subject: RE: CIPE NT integrating with Samba -- VPN
From: Gert.Vandelaer,AT,medisearch-int,DOT,com
Date: Fri, 17 Aug 2001 17:19:16 +0200

Hya All ...

I've continued the research,
and gotten some results ...

CIPE is up and running on both the NT4 and the Linux (Slackware 7.0 btw)

But I think there is some problem with key-exchange, if any actually
happens at all,
I found lots of info about the error / debug messages on a Linux, but not
so much about those on NT.

Both CIPEs are started in DEBUG mode (debug=true / cipsrvr console)
I have to start the CIPE first on NT, otherwise nothing happens ...
so I do ....
C:\>cipsrvr console
[CIPE 2] TAP Started
[CIPE 1] Is using a BLOWFISH encryption
[CIPE 1] peer started on adapter [CIPE 2]
... snip [JOBHANDLE] ....some batch-file (equivalent to optional "ip-up"
-shell script on Linux) ...
[CIPE 1] Sending CT_PING Message

Now I start the Linux CIPE ...
insmod cipcb ; ciped-cb

Back at the console of the NT box :
[CIPE 1] Key Lifetime expired. Force Key Exchange
Decryption CRC Failed . CRC=[blahblah][foobar]
Decryption CRC Failed . CRC=[barbar][barfooblah]
[CIPE 1] NK_INK : Using peer's new key for decription. Sending NK_ACK . CRC
= blahblah (I can see this key being received on the Linux console ...)
[CIPE 1] Sending CT_PING message

... in the meanwhile on the Linux box I see ...

Received PING request
Sending PONG reply ....

There seems to be some problem with the key exchange, I also tried without
a key, but then the connection doesn't even get initiated.
I'd like some info about the debug-info on the Win NT box.
Some tips about what the problem is, would also be nice ...



13/08/2001 06:23 PM
Subject: RE: CIPE NT integrating with Samba -- VPN

You wrote on 8/13/01 9:33:41 AM:

>Hello all,
>I've been on this list now for a while and have noticed lots of
>but mainly about the Linux port of this great piece of software.
>I'm trying to integrate a Windows NT with another Windows NT via a Linux
>Firewall / Gateway with Cipe-Win32.
>I've also tried to put a Samba at one end and use the "pkcipe" because 1
>end has dynamic IP ...
>The question is : Can "pkcipe" be configured on a Win NT, is there
>special to be configured (It's the Win NT that's gonna be dynamic ip you
>see, and in the docs there's only example of a Linux with dynamic IP ...)
>Or has anyone yet set up a vpn with Win NT - Samba ?
>I'd like to know what I'm jumping into, because of deadlines and things
>like that...
>This is the network
>Win NT A : Dynamic IP (or Samba) ---- Internet ---- Linux Firewall : Fixed
>IP ------- Win NT B (PDC)
>The forwarding part on the firewall is no problem, I got this working ...
>it's just all the NT routing that's giving me hard time.
>Should I make the "Win NT A" a BDC, because users'll have to authenticate
>there also ...
>I assume I'll have to place a separate Gateway on location A also for
>routing internet-requests from clients of network A to internet, and not
>through CIPE interface ...
>Any advice / setup examples welcome

CIPE-Win32 doesn't use pkcipe yet. In fact, I haven't even looked at it
yet. CIPE on NT doesn't require anything else other than TCP/IP to work.
The authentication is using the static key arrangement ala cipe 1.3.0.

As far as I know, browsing should work over the tunnel, if you set up the
lmhosts file or your NT browsing domain right. Remember to read the Samba
docs about browsing over TCP/IP only networks, CIPE doesn't allow any
NetBEUI traffic.

