<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: NEWBIE: Setup Problems any insight appreciated.
From: Keith Smith <keith,AT,ksmith,DOT,com>
Date: Tue, 18 Dec 2001 21:05:10 +0100

I've 'info'd myself to death, and I must be missing the obvious somewhere.

I have two machines on a network, was trying to set up a tunnel from
10.1.1.1 to 10.1.1.2  from a machine at 192.168.64.2 to one at 192.168.64.124

I copied the sample ip_up and ip_down scripts into /etc/cipe on both machines

According to the 'simple' pkcipe setup this should work.

tempe (192.168.64.2):
----------------------------------------
Slackware 8.0 / 2.2.19 Kernel
IP = 192.168.64.2

Compiled 1.5.2 from sources... ./configure ; make; make install

[keith@tempe] /usr/src/cipe-1.5.2<57>lsmod | grep cip
cipcb0                 27232   0  (unused)

/etc/modules.conf:
...
alias cipcb0 cipcb
options cipcb0 -o cipcb0
...

[keith@tempe] /etc/cipe<61>cat identity
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQml43tofyIcK4V3kt8bV+Ve6j
YZtJu2xhKE7HSXB0YQToQWXlqBKJ3+D4lxeMr7qGEejD+Tb4vZNuA9l4bu4wnhfL
BUsna3HhHbWDW0JOxLnn62eNr9A5wSCfclmv714MSBZm4bj33NGfmhfimuIVAONS
PsDauwSEXCzu8WjKLQIDAQAB
-----END PUBLIC KEY-----

[keith@tempe] /etc/cipe/pk<59>cat b9901
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT6s5KsLweVrvivrrGgQ+0RLJj
Y8vYftSy/JoFhyWr4jfptKjCscXYPoz1MsTrTc7vIShwFUw/DB8eJWN7FKMEkfJG
geOFRitnUaqZ3qMcR/v3q+oGy69+5YrsInCs3wcGcPmt4h1MMry6IHesOkWFwVEa
c6tCcFnNs7076walzQIDAQAB
-----END PUBLIC KEY-----
ipaddr  10.1.1.1
ptpaddr 10.1.1.2

Per the example in the INFO file:

[keith@tempe] /etc/cipe<63>grep pkc /etc/services
pkcipe          4546/tcp    # CIPE Server Port

[keith@tempe] /etc/cipe<62>grep pkc /etc/inetd.conf
pkcipe  stream  tcp     nowait      root    /usr/sbin/tcpd 
/usr/local/sbin/pkcipe -D 7 tempe

NOTE: -D 7 tempe added by me ...  Some places the "id" just follows, 
sometimes it's -i
in the documentation.  Was not real clear to me.

[keith@tempe] /etc/cipe<64>telnet localhost pkcipe
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
*PKCIPE/02 1.5.2 0.1         *¿

**** So far so good?

b9901:
-----------------------------------------
Slackware 8.0 / 2.4.10 Kernel
IP = 192.168.64.124

Compiled 1.5.2 from sources... ./configure ; make; make install

[root@b9901] /root 107 >lsmod | grep cip
cipcb0                 27136   0  (unused)

[root@b9901] /root 108 >grep cip /etc/modules.conf
alias cipcb0 cipcb
options cipcb0 -o cipcb0

[root@b9901] /etc/cipe 110 >cat identity
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT6s5KsLweVrvivrrGgQ+0RLJj
Y8vYftSy/JoFhyWr4jfptKjCscXYPoz1MsTrTc7vIShwFUw/DB8eJWN7FKMEkfJG
geOFRitnUaqZ3qMcR/v3q+oGy69+5YrsInCs3wcGcPmt4h1MMry6IHesOkWFwVEa
c6tCcFnNs7076walzQIDAQAB
-----END PUBLIC KEY-----

[root@b9901] /etc/cipe/pk 112 >cat tempe
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQml43tofyIcK4V3kt8bV+Ve6j
YZtJu2xhKE7HSXB0YQToQWXlqBKJ3+D4lxeMr7qGEejD+Tb4vZNuA9l4bu4wnhfL
BUsna3HhHbWDW0JOxLnn62eNr9A5wSCfclmv714MSBZm4bj33NGfmhfimuIVAONS
PsDauwSEXCzu8WjKLQIDAQAB
-----END PUBLIC KEY-----
ipaddr 10.1.1.2
ptpaddr 10.1.1.1

[root@b9901] /etc/cipe/pk 114 >pkcipe -D 7 -c 192.168.64.2:4546
[root@b9901] /etc/cipe/pk 115 >

Nothing happens.

/var/log/log.debug:
Dec 18 10:58:51 b9901 pkcipe[4121]: setSendKey *
Dec 18 10:58:51 b9901 pkcipe[4121]: setRecvKey *
Dec 18 10:58:51 b9901 pkcipe[4121]: Using protocol 2
Dec 18 10:58:51 b9901 pkcipe[4121]: handlePacket 17 91/91
Dec 18 10:58:51 b9901 pkcipe[4121]: packetSendBN: 128 
af6b6ec5dce0f70c3ff36880eb5a06b5916f4ac5de5866aa9c11f904d36f35210ae3cdd14c40df78b6bd4f7444f12da65d82d55bdc007dae2e09a58f30eda58a361bb507a9103b3bc7504b979716ad2fafe8042f299e0391dca54ce514134708ae891ac4ea923cd6a2edf83bb69144e197eae12f2e82089631d2c24eaa617c29
Dec 18 10:58:51 b9901 pkcipe[4121]: handlePacket 129 52/52
Dec 18 10:58:51 b9901 pkcipe[4121]: packetExtrBN: 128 
731c2a522cb73dfaafa241ed9ebb90f309c968bf76239eba16bb19c5e1816bf75ae2b5784d2ef0d70c462c286b6bb14a6107d575dc40423903cf83d89e610b564949ab47d49cce5008fbbd80f526d70e12d61f8f349bb9b28320f16a02ec5ee71cc2beadf33e4d48b18f04af770694b46ea61f2df918bfbadf3196c2871ed7bb
Dec 18 10:58:51 b9901 pkcipe[4121]: getKeys 128 1
Dec 18 10:58:51 b9901 pkcipe[4121]:  0000:  965b 5605 1b87 ffbb  0000 e43d 
000e
fe18  .[V...<FF><BB>..<E4>=..<FE>.
Dec 18 10:58:51 b9901 pkcipe[4121]: setSendKey 
3ac23c006bdeda48e69d1d712a45510618c78de2
Dec 18 10:58:51 b9901 pkcipe[4121]: setRecvKey 
0f16484390c858c21048b2aa4a8dc647e10b3d5a
Dec 18 10:58:51 b9901 pkcipe[4121]: handlePacket 15 53/53
Dec 18 10:58:51 b9901 pkcipe[4121]: Using peer key /etc/cipe/pk/tempe
Dec 18 10:58:51 b9901 pkcipe[4121]: handlePacket 129 14/14
Dec 18 10:58:51 b9901 pkcipe[4121]: handlePacket 23 01/01

/var/log/messages:
Dec 18 10:58:51 b9901 pkcipe[4121]: handlePacket: received ERROR: Signature 
check failed

------------------------------------------------

Basically the same on the other side
Dec 18 10:57:26 tempe pkcipe[4558]: setSendKey *
Dec 18 10:57:26 tempe pkcipe[4558]: setRecvKey *
Dec 18 10:57:26 tempe pkcipe[4558]: Using protocol 2
Dec 18 10:57:26 tempe pkcipe[4558]: handlePacket 17 91/91
Dec 18 10:57:26 tempe pkcipe[4558]: packetSendBN: 128 
731c2a522cb73dfaafa241ed9ebb90f309c968bf76239eba16bb19c5e1816bf75ae2b5784d2ef0d70c462c286b6bb14a6107d575dc40423903cf83d89e610b564949ab47d49cce5008fbbd80f526d70e12d61f8f349bb9b28320f16a02ec5ee71cc2beadf33e4d48b18f04af770694b46ea61f2df918bfbadf3196c2871ed7bb
Dec 18 10:57:26 tempe pkcipe[4558]: handlePacket 129 52/52
Dec 18 10:57:26 tempe pkcipe[4558]: packetExtrBN: 128 
af6b6ec5dce0f70c3ff36880eb5a06b5916f4ac5de5866aa9c11f904d36f35210ae3cdd14c40df78b6bd4f7444f12da65d82d55bdc007dae2e09a58f30eda58a361bb507a9103b3bc7504b979716ad2fafe8042f299e0391dca54ce514134708ae891ac4ea923cd6a2edf83bb69144e197eae12f2e82089631d2c24eaa617c29
Dec 18 10:57:26 tempe pkcipe[4558]: getKeys 128 -1
Dec 18 10:57:26 tempe pkcipe[4558]:  0000:  965b 5605 1b87 ffbb  0000 e43d 
000e
fe18  .[V...<FF><BB>..<E4>=..<FE>.
Dec 18 10:57:26 tempe pkcipe[4558]: setSendKey 
0f16484390c858c21048b2aa4a8dc647e10b3d5a
Dec 18 10:57:26 tempe pkcipe[4558]: setRecvKey 
3ac23c006bdeda48e69d1d712a45510618c78de2
Dec 18 10:57:26 tempe pkcipe[4558]: handlePacket 15 53/53
Dec 18 10:57:26 tempe pkcipe[4558]: Using peer key /etc/cipe/pk/b9901
Dec 18 10:57:26 tempe pkcipe[4558]: handlePacket 129 14/14
Dec 18 10:57:26 tempe pkcipe[4558]: handlePacket 23 01/01

messages:
Dec 18 10:57:26 tempe pkcipe[4558]: handlePacket: received ERROR: Signature 
check failed

Thanks in Advance for any help.

--
Keith Smith                 keith,AT,ksmith,DOT,com
655 W Fremont Dr
Tempe AZ 85282              it's hot





<< | Thread Index | >> ]    [ << | Date Index | >> ]