RE: CIPE NT integrating with Samba -- VPN|
Fri, 17 Aug 2001 17:19:16 +0200|
Hya All ...
I've continued the research,
and gotten some results ...
CIPE is up and running on both the NT4 and the Linux (Slackware 7.0 btw)
But I think there is some problem with key-exchange, if any actually
happens at all,
I founf lots of info about the error / debug messages on a Linux, but not
so much about those on NT.
Both CIPE 's are started in DEBUG mode (debug=true / cipsrvr console)
I have to start the CIPE first on NT, otherwise nothing happens ...
so I do ....
[CIPE 2] TAP Started
[CIPE 1] Is using a BLOWFISH encryption
[CIPE 1] peer started on adapter [CIPE 2]
... snip [JOBHANDLE] ....some batch-file (equivalent to optional "ip-up"
-shell script on Linux) ...
[CIPE 1] Sending CT_PING Message
Now I start the Linux CIPE ...
insmod cipcb ; ciped-cb
Back at the console of the NT box :
[CIPE 1] Key Lifetime expired. Force Key Exchange
Decryption CRC Failed . CRC=[blahblah][foobar]
Decryption CRC Failed . CRC=[barbar][barfooblah]
[CIPE 1] NK_INK : Using peer's new key for decription. Sending NK_ACK . CRC
= blahblah (I can see this key being received on the Linux console ...)
[CIPE 1] Sending CT_PING message
... in the meanwhile on the Linux box I see ...
Received PING request
Sending PONG reply ....
There seems to be some problem with the key exchange, I also tried without
a key, but than the connection doesn't even get initiated.
I'd like some info about the debug-info on the Win NT box.
Some tips about what the problem is, would also be nice ...
13/08/2001 Subject: RE: CIPE NT integrating
with Samba -- VPN
You wrote on 8/13/01 9:33:41 AM:
>I've been on this list now for a while and have noticed lots of
>but mainly about the Linux port of this great piece of software.
>I'm trying to integrate a Windows NT with another Windows NT via a Linux
>Firewall / Gateway with Cipe-Win32.
>I've also tried to put a Samba at one end and use the "pkcipe" because 1
>end has dynamic IP ...
>The question is : Can "pkcipe" be configured on a Win NT, is there
>special to be configured (It's the Win NT that's gonna be dynamic ip you
>see, and in the docs there's only example of a Linux with dynamic IP ...)
>Or has anyone yet set up a vpn with Win NT - Samba ?
>I'd like to know what I'm jumping into, because of dead lines and things
>This is the network
>Win NT A : Dynamic IP (or Samba) ---- Internet ---- Linux Firewall : Fixed
>IP ------- Win NT B (PDC)
>The forwarding part on the firewall is no problem, I got this working ...
>it's just all the NT routing that's giving me hard time.
>Should I make the "Win NT A" a BDC, because users 'll have to authenticate
>there also ...
>I assume I'll have to place a seperate Gateway on location A also for
>routing internet-requests from clients of network A to internet, and not
>through CIPE interface ...
>Any advice / setup examples welcome
CIPE-Win32 doesn't use pkcipe yet. In fact, I haven't even looked at it
yet. CIPE on NT doesn't require anything else other than TCP/IP to work.
The authentication is using the static key arrangement ala cipe 1.3.0.
As far as I know, browsing should work over the tunnel, if you set up the
lmhosts file or your NT browsing domain right. Remember to read the Samba
docs about browsing over TCP/IP only networks, CIPE doesn't allow any
>Message sent by the cipe-l,AT,inka,DOT,de mailing list.
>Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
>Other commands available with "help" in body to the same address.
>CIPE info and list archive: