<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: "kxchg: recv: Connection refused" Error
From: "Imran Ghaznavi" <imrang,AT,home,DOT,com>
Date: Wed, 5 Sep 2001 08:04:56 +0200



Hello,I have been trying to get CIPE 
working for past couple of weeks with no luck. Following is an issue that I 
was 
not able to find any info on the net.Let me give you the environment 
info first.-Linux Distribution: Redhat 7.1-Recompiled kernel 
version: 2.4.9-CIPE version: 1.5.2
?
Problem: Cannot send traffic across the 
tunnel.
?
I think Key Exchange is not happening 
properly.
?
I also have another question. In version 1.5.2 if 
we are using /etc/cipe/identity and /etc/cipe/identity.priv what is the 
purpose 
of "key" in the options file ?
?
In the current options file the key option is set 
on both ends.
?
Please look at the logs below and see if you can 
spot the problem. Let me know if you need any other information. 
?
Any help will be greatly appreciated. Thank 
You
?
--Imran Ghaznavi
?
?
?

<FONT face=Courier 
size=2>24.7.173.167/25-------.??????24.15.181.22/25----.
<FONT 
face=Courier>?????????????????????? 
\?????????????????????????\
<FONT face=Courier 
size=2>--LAN-----eth1--Router--eth0------INTERNET------eth0--Router--eth1---LAN---
? 
????????? 
\????????????????????????????????????????????????? 
/
<FONT 
face=Courier>?????????????`---192.168.10.1/24???????????192.168.20.1/24?--/
?
?[cipcb0: 192.168.10.1]------VPN TUNNEL OVER 
INET-----[cipcb0: 192.168.20.1]
?
?
?
[root@cj805865-a /root]# ping 
192.168.10.1PING 192.168.10.1 (192.168.10.1) from 192.168.20.1 : 56(84) 
bytes of data.
?
--- 192.168.10.1 ping statistics ---5 packets 
transmitted, 0 packets received, 100% packet loss[root@cj805865-a 
/root]#
tail -f /var/log/messages
?
Sep? 3 20:52:56 cj805865-a kernel: 
cipcb0: cipe_sendmsgSep? 3 20:52:56 cj805865-a kernel: cipcb0: 
setkeySep? 3 20:52:56 cj805865-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:52:56 cj805865-a ciped-cb[2271]: kxchg: recv: 
Connection refusedSep? 3 20:52:56 cj805865-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:52:56 cj805865-a ciped-cb[2271]: kxchg: recv: 
Connection refusedSep? 3 20:52:56 cj805865-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:52:57 cj805865-a ciped-cb[2271]: kxchg: recv: 
Connection refusedSep? 3 20:52:57 cj805865-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:52:58 cj805865-a ciped-cb[2271]: kxchg: recv: 
Connection refusedSep? 3 20:52:58 cj805865-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:52:59 cj805865-a ciped-cb[2271]: kxchg: recv: 
Connection refusedSep? 3 20:52:59 cj805865-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:53:00 cj805865-a ciped-cb[2271]: kxchg: recv: 
Connection refusedSep? 3 20:53:00 cj805865-a kernel: cipcb0: 
cipe_recvmsg
[root@cj805865-a /root]# tcpdump -i 
cipcb0Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet 
sockettcpdump: listening on cipcb020:52:56.609139 > tag > 
192.168.10.1: icmp: echo request (DF)20:52:57.614426 > tag > 
192.168.10.1: icmp: echo request (DF)20:52:58.614403 > tag > 
192.168.10.1: icmp: echo request (DF)20:52:59.615224 > tag > 
192.168.10.1: icmp: echo request (DF)20:53:00.614859 > tag > 
192.168.10.1: icmp: echo request (DF)
cipcb0??? Link encap:IPIP 
Tunnel? HWaddr????????? 
inet addr:192.168.20.1? P-t-P:192.168.10.1? 
Mask:255.255.255.0????????? UP 
POINTOPOINT RUNNING NOARP? MTU:1442? 
Metric:1????????? RX packets:0 
errors:0 dropped:0 overruns:0 
frame:0????????? TX packets:5 
errors:0 dropped:0 overruns:0 
carrier:0????????? collisions:0 
txqueuelen:100
[root@cj805865-a /root]# routeKernel IP 
routing tableDestination???? 
Gateway???????? 
Genmask???????? Flags Metric 
Ref??? Use Iface24.15.181.0???? 
*?????????????? 
255.255.255.128 U???? 0????? 
0??????? 0 
eth0192.168.20.0??? 
*?????????????? 
255.255.255.0?? U???? 
0????? 0??????? 0 
eth1192.168.10.0??? 
*?????????????? 
255.255.255.0?? U???? 
0????? 0??????? 0 
cipcb0127.0.0.0?????? 
*?????????????? 
255.0.0.0?????? U???? 
0????? 0??????? 0 
lodefault???????? 
24.15.181.1???? 
0.0.0.0???????? UG??? 
0????? 0??????? 0 
eth0[root@cj805865-a /root]#
-----------------Following are 
diagnostics from the other end---------------------<FONT 
size=2>
[root@cj461484-a /root]# ping 192.168.20.1PING 
192.168.20.1 (192.168.20.1) from 192.168.10.1 : 56(84) bytes of data.--- 
192.168.20.1 ping statistics ---4 packets transmitted, 0 packets received, 
100% packet loss[root@cj461484-a /root]#tail -f 
/var/log/messagesSep? 3 20:25:25 cj461484-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:25:25 cj461484-a ciped-cb[16422]: kxchg: recv: 
Connection refusedSep? 3 20:25:25 cj461484-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:25:25 cj461484-a ciped-cb[16422]: kxchg: recv: 
Connection refusedSep? 3 20:25:25 cj461484-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:25:26 cj461484-a ciped-cb[16422]: kxchg: recv: 
Connection refusedSep? 3 20:25:26 cj461484-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:25:27 cj461484-a ciped-cb[16422]: kxchg: recv: 
Connection refusedSep? 3 20:25:27 cj461484-a kernel: cipcb0: 
cipe_recvmsgSep? 3 20:25:28 cj461484-a ciped-cb[16422]: kxchg: recv: 
Connection refusedSep? 3 20:25:28 cj461484-a kernel: cipcb0: 
cipe_recvmsgtcpdump -i? cipcb0[root@cj461484-a /root]# 
tcpdump -i cipcb0Kernel filter, protocol ALL, TURBO mode (575 frames), 
datagram packet sockettcpdump: listening on cipcb020:25:25.176898 > 
kramer.choiceonetech.com > 192.168.20.1: icmp: echo request 
(DF)20:25:26.177849 > kramer.choiceonetech.com > 192.168.20.1: icmp: 
echo request (DF)20:25:27.177851 > kramer.choiceonetech.com > 
192.168.20.1: icmp: echo request (DF)20:25:28.177838 > 
kramer.choiceonetech.com > 192.168.20.1: icmp: echo request (DF)
?
[root@cj461484-a /root]# routeKernel IP routing 
tableDestination???? 
Gateway???????? 
Genmask???????? Flags Metric 
Ref??? Use Iface24.7.173.128??? 
*?????????????? 
255.255.255.128 U???? 0????? 
0??????? 0 
eth0192.168.20.0??? 
*?????????????? 
255.255.255.0?? U???? 
0????? 0??????? 0 
cipcb0192.168.10.0??? 
*?????????????? 
255.255.255.0?? U???? 
0????? 0??????? 0 
eth1127.0.0.0?????? 
*?????????????? 
255.0.0.0?????? U???? 
0????? 0??????? 0 
lodefault???????? 
24.7.173.129??? 
0.0.0.0???????? UG??? 
0????? 0??????? 0 
eth0[root@cj461484-a /root]#
?
?
One Last thing is that I am using iptables, and udp ports 
are open on both networks.



<< | Thread Index | >> ]    [ << | Date Index | >> ]