
Subject: Possible routing problem - looped route
From: Jan Vittrup Hansen <jan,AT,vittrup-hansen,DOT,dk>
Date: Wed, 28 Nov 2001 10:42:45 +0100

Hi all,

 I am entirely new to the CIPE system, and in fact new to VPN
altogether.
Over the last couple of days I have been trying to set CIPE up between
the place I study, and the place I work. As of yet I am unsuccessful.
I have produced a lengthy description of my problem below, in the hope
that one of you inspired experts can help me get CIPE running.

  Regards, Jan...

 
Problem
-------
Connecting host fails in ping. "strace" reports 100% packet loss in the
logs.
The ssh connection is locked - I cannot log into the connecting host
(which is at a remote location).

Possible reasons
----------------
o Routing
o Wrong kernel compiler version
  (version unknown to me [redhat rpm] - depmod warns that there is a
   symbol problem, but no symbols are ever reported as not matching.)

Setup
-----

HostA is under my control, linux kernel kernel-2.4.8-26mdk, connected
directly to the internet.
HostB is situated in a foreign network, linux kernel-2.2.16-22. The host
is under my control, the network is not.

An ordinary connection from HostB to HostA passes through a gateway
firewall-host which performs masquerading (and portforwarding for
certain services, such as ssh, when going the other way.)

HostA <--(internet)--> (masq+ipfw+dhcp firewall) <--> HostB 

Configuration
-------------

HostA ip: x.x.x.1 
firewall: y.y.y.y
HostB ip: 172.16.1.1 (local)

Host A:
/etc/cipe/pk/HostB:

-----BEGIN PUBLIC KEY-----
YadaYada
-----END PUBLIC KEY-----
ipaddr x.x.x.1
ptpaddr 172.16.1.1

/etc/cipe/ip-up:

umask 022
PATH=/sbin:/bin:/usr/sbin:/usr/bin
now=`date "+%b %d %T"`
echo "$now UP   $*" >> /var/log/cipe.log
echo "$3 $1" >/var/run/cipe/${6:-$1}.pid
route add -net 17.16.0.0 netmask 255.255.0.0 gw $5
exit 0

Host B: 
/etc/cipe/pk/HostA

-----BEGIN PUBLIC KEY-----
YadaYada
-----END PUBLIC KEY-----
ipaddr 172.16.1.1
ptpaddr x.x.x.1

/etc/cipe/ip-up:

umask 022
PATH=/sbin:/bin:/usr/sbin:/usr/bin
now=`date "+%b %d %T"`
echo "$now UP   $*" >> /var/log/cipe.log
echo "$3 $1" >/var/run/cipe/${6:-$1}.pid
(sleep 10; ping -c5 $5) &
route add -net x.x.x.0 netmask 255.255.255.0 gw $5
exit 0

Run
---
On HostA: pkcipe -s 9999
On HostB: pkcipe -c x.x.x.1:9999

Diagnostics
-----------

HostA: /var/run/cipe/HostB:
-----
arg=HostB
peer=172.16.1.1:2047
me=x.x.x.192:32873
ptpaddr=172.16.1.1
ipaddr=x.x.x.1
key=...

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.1.1      0.0.0.0         255.255.255.255 UH    0      0        0 cipcb0
172.16.0.0      172.16.1.1      255.255.255.0   UG    0      0        0 cipcb0
x.x.x.0         0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         x.x.x.1         0.0.0.0         UG    0      0        0 eth0

HostB: /var/run/cipe/HostA:
-----
arg=HostA
peer=x.x.x.1:32873
me=x.x.x.192:2047
ptpaddr=x.x.x.1
ipaddr=172.16.1.1
key=...

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.x.1         0.0.0.0         255.255.255.255 UH    0      0        0 cipcb0
x.x.x.0         x.x.x.1         255.255.255.0   UG    0      0        0 cipcb0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         y.y.y.y         0.0.0.0         UG    0      0        0 eth0

/var/log/messages cut-out:
Nov 21 16:20:20 nulle1 pkcipe[10614]: connect to x.x.x.1
Nov 21 16:20:20 nulle1 pkcipe[10614]: starting /usr/local/sbin/ciped-cb for peer HostA
Nov 21 16:20:20 nulle1 ciped-cb[10616]: CIPE daemon vers 1.5.2 (c) Olaf Titz 1996-2000
Nov 21 16:20:20 nulle1 kernel: cipcb0: alloc
Nov 21 16:20:20 nulle1 kernel: cipcb0: setpar
Nov 21 16:20:20 nulle1 kernel: cipcb0: setkey
Nov 21 16:20:20 nulle1 kernel: cipcb0: attach
Nov 21 16:20:20 nulle1 kernel: cipcb0: opened
Nov 21 16:20:20 nulle1 kernel: cipcb0: looped route
Nov 21 16:20:20 nulle1 last message repeated 17 times
Nov 21 16:20:20 nulle1 kernel: cipcb0: cipe_sendmsg
Nov 21 16:20:20 nulle1 kernel: cipcb0: looped route
Nov 21 16:20:20 nulle1 kernel: cipcb0: cipe_recvmsg
Nov 21 16:20:20 nulle1 kernel: cipcb0: looped route
Nov 21 16:20:52 nulle1 last message repeated 26 times
Nov 21 16:22:02 nulle1 last message repeated 5 times
Nov 21 16:23:45 nulle1 last message repeated 2 times
Nov 21 16:23:45 nulle1 kernel: cipcb0: looped route
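
Added example, not part of the original message and not CIPE's own code: the CIPE driver logs "looped route" when the route to the peer's real (carrier) address leads back into the CIPE device, and this sketch runs that check as a longest-prefix match over `route -n` output. The table is a constructed stand-in for HostB's (192.0.2.x replaces the redacted x.x.x.x, 198.51.100.1 replaces y.y.y.y), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample modelled on HostB's `route -n` output above: 192.0.2.x
# stands in for the redacted x.x.x.x, 198.51.100.1 for the firewall y.y.y.y.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 cipcb0
192.0.2.0       192.0.2.1       255.255.255.0   UG    0      0        0 cipcb0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         198.51.100.1    0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Return [(network, iface)] from `route -n` text; header lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False), f[7]))
    return routes

def egress_iface(routes, dst):
    """Longest-prefix match: the interface the kernel would pick for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, iface) for net, iface in routes if addr in net]
    return max(matches)[1] if matches else None

def carrier_loops(routes, peer_carrier_ip, tunnel_iface):
    """True when the encrypted UDP packets for the peer would re-enter the tunnel."""
    return egress_iface(routes, peer_carrier_ip) == tunnel_iface

if __name__ == "__main__":
    routes = parse_routes(ROUTE_N)
    print("carrier 192.0.2.1 leaves via", egress_iface(routes, "192.0.2.1"))
    print("looped:", carrier_loops(routes, "192.0.2.1", "cipcb0"))
```

With this table the peer's carrier address resolves to cipcb0 because the tunnel's ptpaddr is the same address as the peer's real one; a table whose tunnel endpoints differ from the carrier addresses sends it out eth0 instead.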




