Subject: RE: Newbie ...help ..I have checked the archive also ..still confused ...
From: "Bort, Paul" <pbort,AT,tmwsystems,DOT,com>
Date: Fri, 16 Nov 2001 20:08:13 +0100

My CIPE configuration is very similar, so maybe I can help: 

When I have to restart CIPE (usually because I'm breaking something else) I
use the following commands: 

# Shutdown
ip link set down dev cipcb0             # This turns off the interface
rmmod cipcb                             # This unloads the module

# Restart
modprobe cipcb                          # This reloads the module
/sbin/ciped-cb -o /etc/cipe/options     # Start CIPE tunnel

It automatically adds the right routing stuff. 

What you might be missing is the "network in the middle". There needs to be
a set of IP addresses that are just for the VPN. 

For example, on one firewall, with eth1=192.168.6.1 and eth0=1.2.3.4, CIPE
config looks like this: 
(Ext. addresses changed)

ptpaddr         192.168.7.200
ipaddr          192.168.7.100
me              1.2.3.4:23517
peer            1.2.3.5:23517

On the other firewall, with eth1=192.168.5.1 and eth0=1.2.3.5, CIPE config
looks like this: 

ptpaddr         192.168.7.100
ipaddr          192.168.7.200
me              1.2.3.5:23517
peer            1.2.3.4:23517

Once you get the connections started, the 'route' command (or 'ip route')
should show a route to the 'other' network on each side, like this: 

1.2.3.4 dev eth0  scope link 
192.168.6.1 dev eth1  scope link 
192.168.7.200 dev cipcb0  proto kernel  scope link  src 192.168.7.100 
1.2.3.0/27 dev eth0  proto kernel  scope link  src 1.2.3.4
192.168.6.0/24 dev eth1  proto kernel  scope link  src 192.168.6.1 
192.168.5.0/24 via 192.168.7.200 dev cipcb0 
127.0.0.0/8 dev lo  scope link 
default via 1.2.3.1 dev eth0 

Good Luck!

> -----Original Message-----
> From: Karthik Mohanasundaram [mailto:mkarthik1978,AT,yahoo,DOT,com]
> Sent: Friday, November 16, 2001 10:52 AM
> To: cipe-l,AT,inka,DOT,de
> Subject: Newbie ...help ..I have checked the archive also ..still
> confused ...
> 
> 
> hi,
> 
> I am a newbie to CIPE and I am trying to setup a VPN
> connection using CIPE 1.4.5. I am initially trying out
> this connection within a private network .. [
> experimenting with it right now .. ]
> 
> I am kind of running on a deadline .. so plz help me
> out ..
> 
> I am running CIPE 1.4.5 and Mandrake 7.0 with 2.2.19
> kernel on that ..
> 
> The details of my connection are :
> 
> private net 1 : 192.168.2.x
> |
> |
> |
> eth0 : 192.168.2.1
> CIPE Gateway 1 ..
> eth1 : 202.120.1.10
> |
> |
> |
> |
> eth1 : 202.120.1.1
> CIPE Gateway 2 ..
> eth0 192.168.1.1
> |
> |
> |
> private net 2 : 192.168.1.x
> 
> 
> As I am trying to simulate the network I am directly
> connecting eth1's of the gateways .. The machines on
> pri.net 2 have 192.168.1.1 as their gateway and
> machines on pri.net 1 have 192.168.2.1 as their
> gateways ..
> 
> 
> Options of Gateway 1 :
> 
> device                cipcb0
> ptpaddr               192.168.1.1
> ipaddr                192.168.2.1
> me            202.120.1.10:9000
> peer          202.120.1.1:9000
> key           xxxxx ....
> 
> Options of Gateway 2 :
> 
> device                cipcb0
> ptpaddr               192.168.2.1
> ipaddr                192.168.1.1
> me            202.120.1.1:9000
> peer          202.120.1.10:9000
> key           xxxxxx ..... [ not my original key .. ]
> 
> 
> I am actually using the ip-up and ip-down scripts for
> ipchains that I got from the Cipe+Masq - HOWTO I got
> from the linuxdoc.org mini How-To's site ...
> 
> SHOULD I WRITE MY OWN ip-up or ip-down ???
> 
> I got the Gateways connected once and the device
> [cipcb0] was enabled but I messed up the routing and
> so I am trying to start that up again but there is
> some problem with it that I am not able to catch up
> with ..
> 
> The /var/log/messages that I got are :
> 
> ---snip---
> Nov 16 03:55:49 localhost kernel: cipcb: CIPE driver
> vers 1.4.5 (c) Olaf Titz 1996-2000, 100 channels,
> debug=1 
> Nov 16 03:55:49 localhost kernel: cipcb:
> cipe_alloc_dev 0 
> Nov 16 03:56:05 localhost ciped-cb[840]: CIPE daemon
> vers 1.4.5 (c) Olaf Titz 1996-2000
> Nov 16 03:56:05 localhost kernel: cipcb0: alloc 
> Nov 16 03:56:05 localhost kernel: cipcb0: setpar 
> Nov 16 03:56:05 localhost kernel: cipcb0: setkey 
> Nov 16 03:56:05 localhost kernel: cipcb0: attach 
> Nov 16 03:56:05 localhost kernel: cipcb0: opened 
> Nov 16 03:56:05 localhost kernel: cipcb0: cipe_recvmsg
> 
> Nov 16 03:56:05 localhost kernel: cipcb0: setkey 
> Nov 16 03:56:05 localhost kernel: cipcb0: cipe_sendmsg
> 
> Nov 16 03:56:05 localhost kernel: cipcb0: cipe_recvmsg
> 
> Nov 16 03:56:05 localhost kernel: cipcb0: cipe_sendmsg
> 
> Nov 16 03:56:05 localhost kernel: cipcb0: setkey 
> Nov 16 03:56:05 localhost kernel: cipcb0: cipe_recvmsg
> 
> Nov 16 03:56:05 localhost kernel: cipcb0: setkey 
> Nov 16 03:56:05 localhost kernel: cipcb0: cipe_recvmsg
> 
> Nov 16 03:56:32 localhost kernel: cipcb0: closing 
> Nov 16 03:56:32 localhost ciped-cb[840]: kxchg: recv:
> Device not configured
> Nov 16 03:56:32 localhost ciped-cb[840]: Interface
> stats     1040       5    0    0    0     0          0
>         0        0       0    0    0    0     0      
> 0          0  
> Nov 16 03:56:32 localhost ciped-cb[840]: KX stats:
> rreq=0, req=1, ind=1, indb=0, ack=1, ackb=0, unknown=0
> 
> Nov 16 03:56:32 localhost ciped-cb: options: not
> absolute
> Nov 16 03:56:32 localhost ciped-cb[874]: opendev:
> bind: Address already in use
> Nov 16 03:56:32 localhost kernel: cipcb0: sock_close 
> Nov 16 03:56:32 localhost kernel: cipcb0: closed 
> Nov 16 03:56:32 localhost ciped-cb[840]: cipcb0:
> daemon exiting
> ---snip---
> 
> Again I tried to connect but this time also no success
> !!!
> 
> ---snip---
> Nov 16 03:59:17 localhost ciped-cb[888]: CIPE daemon
> vers 1.4.5 (c) Olaf Titz 1996-2000
> Nov 16 03:59:17 localhost kernel: cipcb0: alloc 
> Nov 16 03:59:17 localhost ciped-cb[888]: opendev:
> alloc: Device or resource busy
> ---snip---
> 
> Is there any time gap after which I should restart the
> ciped-cb server ??? [ I CHANGED THE PORT NUMBERS in
> the options file ...]
> 
> 
> PLZ help me out on this ...
> 
> karthik.
> 
> 
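
Added example (not part of the original message and not CIPE code): a small Python check for the "network in the middle" point in the reply. It verifies that two gateways' options mirror each other (ipaddr/ptpaddr and me/peer) and that the tunnel addresses do not fall inside either private LAN. The function names and the /24 masks for the question's networks are assumptions.

```python
import ipaddress

def parse_options(text):
    """Parse CIPE options text: one 'name value' pair per line."""
    pairs = (line.split(None, 1) for line in text.splitlines() if line.strip())
    return {p[0]: p[1].strip() if len(p) > 1 else "" for p in pairs}

def check_pair(opts_a, opts_b, lan_a, lan_b):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    # Each side's ipaddr must be the other's ptpaddr, and each me the other's peer.
    for mine, theirs in (("ipaddr", "ptpaddr"), ("me", "peer")):
        for x, y, tag in ((opts_a, opts_b, "A/B"), (opts_b, opts_a, "B/A")):
            if x.get(mine) != y.get(theirs):
                findings.append(f"{tag}: {mine} {x.get(mine)} != {theirs} {y.get(theirs)}")
    # Tunnel addresses belong to a VPN-only range, outside both private LANs.
    lans = [ipaddress.ip_network(n) for n in (lan_a, lan_b)]
    tunnel = {o[k] for o in (opts_a, opts_b) for k in ("ipaddr", "ptpaddr") if k in o}
    for addr in sorted(tunnel, key=ipaddress.ip_address):
        for lan in lans:
            if ipaddress.ip_address(addr) in lan:
                findings.append(f"tunnel address {addr} is inside LAN {lan}")
    return findings

# Options from the reply (firewall 1 / firewall 2), values as given in the message.
REPLY_FW1 = """ptpaddr         192.168.7.200
ipaddr          192.168.7.100
me              1.2.3.4:23517
peer            1.2.3.5:23517"""
REPLY_FW2 = """ptpaddr         192.168.7.100
ipaddr          192.168.7.200
me              1.2.3.5:23517
peer            1.2.3.4:23517"""
# Options from the quoted question (device and key lines left out).
QUESTION_GW1 = """ptpaddr               192.168.1.1
ipaddr                192.168.2.1
me            202.120.1.10:9000
peer          202.120.1.1:9000"""
QUESTION_GW2 = """ptpaddr               192.168.2.1
ipaddr                192.168.1.1
me            202.120.1.1:9000
peer          202.120.1.10:9000"""

if __name__ == "__main__":
    print(check_pair(parse_options(REPLY_FW1), parse_options(REPLY_FW2),
                     "192.168.6.0/24", "192.168.5.0/24"))
    # The /24 masks for the question's "192.168.x.x" networks are an assumption.
    print(check_pair(parse_options(QUESTION_GW1), parse_options(QUESTION_GW2),
                     "192.168.2.0/24", "192.168.1.0/24"))
```
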