<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: "kxchg: recv: Connection refused" Error
From: Mark Burring <markb,AT,deeptech,DOT,com,DOT,au>
Date: Wed, 5 Sep 2001 09:07:38 +0200
In-reply-to: <001501c135e7$75b1f940$0b0aa8c0@choiceonetech.com>


I get the same between a redhat 6.2 box and a slackware 7 box.


Imran Ghaznavi wrote:
0b0aa8c0,AT,choiceonetech,DOT,com">
  
  
  
  Hello,
  
I have been trying to get CIPE  working for past couple of weeks with no
luck. Following is an issue that I was  not able to find any info on the
net.
  
Let me give you the environment  info first.
  
-Linux Distribution: Redhat 7.1
-Recompiled kernel  version: 2.4.9
-CIPE version: 1.5.2
  
  ?
  Problem: Cannot send traffic across the
 tunnel.
  ?
  I think Key Exchange is not happening
 properly.
  ?
  I also have another question. In version
1.5.2 if  we are using /etc/cipe/identity and /etc/cipe/identity.priv what
is the purpose  of "key" in the options file ?
  ?
  In the current options file the key option
is set  on both ends.
  ?
  Please look at the logs below and see
if you can  spot the problem. Let me know if you need any other information.
  
  ?
  Any help will be greatly appreciated.
Thank  You
  ?
  --Imran Ghaznavi
  ?
  ?
  ?
  
  24.7.173.167/25-------.??????24.15.181.22/25----.
  ??????????????????????
 \?????????????????????????\
  --LAN-----eth1--Router--eth0------INTERNET------eth0--Router--eth1---LAN---
  ?  ?????????  \?????????????????????????????????????????????????
 /
  ?????????????`---192.168.10.1/24???????????192.168.20.1/24?--/
  ?
  ?[cipcb0: 192.168.10.1]------VPN
TUNNEL OVER  INET-----[cipcb0: 192.168.20.1]
  ?
  
  ?
  ?
  [root@cj805865-a /root]# ping  192.168.10.1
PING 192.168.10.1 (192.168.10.1) from 192.168.20.1 : 56(84)  bytes of data.
  ?
  --- 192.168.10.1 ping statistics ---
5 packets  transmitted, 0 packets received, 100% packet loss
[root@cj805865-a  /root]#
  
  tail -f /var/log/messages
  ?
  Sep? 3 20:52:56 cj805865-a kernel:
 cipcb0: cipe_sendmsg
Sep? 3 20:52:56 cj805865-a kernel: cipcb0:  setkey
Sep? 3 20:52:56 cj805865-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:52:56 cj805865-a ciped-cb[2271]: kxchg: recv:  Connection refused
Sep? 3 20:52:56 cj805865-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:52:56 cj805865-a ciped-cb[2271]: kxchg: recv:  Connection refused
Sep? 3 20:52:56 cj805865-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:52:57 cj805865-a ciped-cb[2271]: kxchg: recv:  Connection refused
Sep? 3 20:52:57 cj805865-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:52:58 cj805865-a ciped-cb[2271]: kxchg: recv:  Connection refused
Sep? 3 20:52:58 cj805865-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:52:59 cj805865-a ciped-cb[2271]: kxchg: recv:  Connection refused
Sep? 3 20:52:59 cj805865-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:53:00 cj805865-a ciped-cb[2271]: kxchg: recv:  Connection refused
Sep? 3 20:53:00 cj805865-a kernel: cipcb0:  cipe_recvmsg
  
  [root@cj805865-a /root]# tcpdump -i
 cipcb0
Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet  socket
tcpdump: listening on cipcb0
20:52:56.609139 > tag >  192.168.10.1: icmp: echo request (DF)
20:52:57.614426 > tag >  192.168.10.1: icmp: echo request (DF)
20:52:58.614403 > tag >  192.168.10.1: icmp: echo request (DF)
20:52:59.615224 > tag >  192.168.10.1: icmp: echo request (DF)
20:53:00.614859 > tag >  192.168.10.1: icmp: echo request (DF)
  
  cipcb0??? Link encap:IPIP  Tunnel? HWaddr
?????????  inet addr:192.168.20.1? P-t-P:192.168.10.1?  Mask:255.255.255.0
????????? UP  POINTOPOINT RUNNING NOARP? MTU:1442?  Metric:1
????????? RX packets:0  errors:0 dropped:0 overruns:0  frame:0
????????? TX packets:5  errors:0 dropped:0 overruns:0  carrier:0
????????? collisions:0  txqueuelen:100
  
  [root@cj805865-a /root]# route
Kernel IP  routing table
Destination????  Gateway????????  Genmask???????? Flags Metric  Ref??? Use
Iface
24.15.181.0????  *??????????????  255.255.255.128 U???? 0?????  0???????
0  eth0
192.168.20.0???  *??????????????  255.255.255.0?? U????  0????? 0???????
0  eth1
192.168.10.0???  *??????????????  255.255.255.0?? U????  0????? 0???????
0  cipcb0
127.0.0.0??????  *??????????????  255.0.0.0?????? U????  0????? 0???????
0  lo
default????????  24.15.181.1????  0.0.0.0???????? UG???  0????? 0???????
0  eth0
[root@cj805865-a /root]#
  
  
  -----------------Following are  diagnostics from the
other end---------------------
  
  [root@cj461484-a /root]# ping 192.168.20.1
PING  192.168.20.1 (192.168.20.1) from 192.168.10.1 : 56(84) bytes of data.
  
---  192.168.20.1 ping statistics ---
4 packets transmitted, 0 packets received,  100% packet loss
[root@cj461484-a /root]#
  
tail -f  /var/log/messages
  
Sep? 3 20:25:25 cj461484-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:25:25 cj461484-a ciped-cb[16422]: kxchg: recv:  Connection refused
Sep? 3 20:25:25 cj461484-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:25:25 cj461484-a ciped-cb[16422]: kxchg: recv:  Connection refused
Sep? 3 20:25:25 cj461484-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:25:26 cj461484-a ciped-cb[16422]: kxchg: recv:  Connection refused
Sep? 3 20:25:26 cj461484-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:25:27 cj461484-a ciped-cb[16422]: kxchg: recv:  Connection refused
Sep? 3 20:25:27 cj461484-a kernel: cipcb0:  cipe_recvmsg
Sep? 3 20:25:28 cj461484-a ciped-cb[16422]: kxchg: recv:  Connection refused
Sep? 3 20:25:28 cj461484-a kernel: cipcb0:  cipe_recvmsg
  
tcpdump -i? cipcb0
  
[root@cj461484-a /root]#  tcpdump -i cipcb0
Kernel filter, protocol ALL, TURBO mode (575 frames),  datagram packet socket
tcpdump: listening on cipcb0
20:25:25.176898 >  kramer.choiceonetech.com > 192.168.20.1: icmp: echo
request  (DF)
20:25:26.177849 > kramer.choiceonetech.com > 192.168.20.1: icmp:  echo
request (DF)
20:25:27.177851 > kramer.choiceonetech.com >  192.168.20.1: icmp: echo
request (DF)
20:25:28.177838 >  kramer.choiceonetech.com > 192.168.20.1: icmp: echo
request (DF)
  ?
  [root@cj461484-a /root]# route
Kernel IP routing  table
Destination????  Gateway????????  Genmask???????? Flags Metric  Ref??? Use
Iface
24.7.173.128???  *??????????????  255.255.255.128 U???? 0?????  0???????
0  eth0
192.168.20.0???  *??????????????  255.255.255.0?? U????  0????? 0???????
0  cipcb0
192.168.10.0???  *??????????????  255.255.255.0?? U????  0????? 0???????
0  eth1
127.0.0.0??????  *??????????????  255.0.0.0?????? U????  0????? 0???????
0  lo
default????????  24.7.173.129???  0.0.0.0???????? UG???  0????? 0???????
0  eth0
[root@cj461484-a /root]#
  
  ?
  ?
  One Last thing is that I am using
iptables, and udp ports  are open on both networks.
  
  
  
  
  -- 

        Mark Burring
        Internetworking Specialist/Unix Sysadmin
        Deeptech, Intelligent Networking

  
  
  



<< | Thread Index | >> ]    [ << | Date Index | >> ]