<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: tunnel up but no encryption..
From: "Alex" <aoclarit,AT,kiwi,DOT,dhs,DOT,org>
Date: Thu, 17 Jan 2002 19:48:37 +0100
In-reply-to: <B715CF2FCF4BD4459957BEDCE3022DAD0123B7AB@hermes.vidius.co.il>

well it adds this route when the interface comes up

Destination    Gateway   Genmask                  Flags      MSS    Window
irtt    iface
10.2.1.1         *              255.255.255.255    UH         40         0
0      cipcb0

on box A and the same on box B exept 10.2.1.1 is 10.1.1.1 on this box.
Isn't this correct ?
And secondly, yes I did make sure I captured the stuff on interface cipcb0 I
also have a capturefilter (host 10.1.1.1 and 10.2.1.1) to make sure I only
see the stuff between the 2 cipe interfaces. And the stuff looks exactly
like a normal telnet session.

alex
----- Original Message -----
From: "Arik Baratz" <arikb,AT,vidius,DOT,co,DOT,il>
To: "'Alex'" <aoclarit,AT,kiwi,DOT,dhs,DOT,org>
Sent: Thursday, January 17, 2002 10:26 AM
Subject: RE: tunnel up but no encryption..

>
> Are you SURE you routed the traffic through the cipe interface?
>
> Are you SURE you captured the UDP traffic between the two cipes?
>
> -- Arik
>
> -----Original Message-----
> From: Alex [mailto:aoclarit,AT,kiwi,DOT,dhs,DOT,org
> Sent: Thursday, January 17, 2002 8:11 PM
> To: cipe-l,AT,inka,DOT,de
> Subject: tunnel up but no encryption..
>
>
> Hi folks
>
> I've compiled cipe snapshot 20020112 on RH 7.2 with kernel 2.4.17. It
> compiled with no problems and when I start the cipe interfaces they seem
to
> work.
> Cipcb0 on box A = 10.1.1.1 and cipcb0 on box B = 10.2.1.1. I can ping
> 10.2.1.1 from 10.1.1.1 which I believe proves that the tunnel is up.
> The problem is when I telnet trough the tunnel and capture the session
using
> ethereal it turns out that none of this stuff is encrypted whatsoever. I
can
> see passwords, usernames etc.
> I thought Blowfish was the default cipher but interestingly when I do a
>
> /usr/local/sbin/ciped-cb debug=15
>
> I get this output
>
> CIPE daemon vers 1.6.pre-20020112 (c) Olaf Titz 1996-2000
> device=cipcb
> debug=yes
> cipher=(none)
> ipaddr=10.1.1.1
> ptpaddr=10.2.1.1
> mask=
> bcast=
> mtu=0
> metric=0
> cttl=0
> me={real ip}:6060
> peer={real ip}:6060
> key=(secret)
> nokey=no
> socks=
> tokxc=0
> tokey=0
> ipup=(none)
> ipdown=(none)
> arg=(none)
> maxerr=8
> tokxts=0
> ping=0
> toping=0
> dynip=no
> hwaddr=(none)
> ifconfig=no
> checksum=no
> ignoredf=no
> forcemtu=no
> Using cipcb0 index 0
> sending CT_CONFREQ
> KX: [NK_REQ] sending NK_IND 85E6ADF2
> KX: [NK_RREQ] sending NK_REQ
> KX: [NK_ACK] got 85E6ADF2
> KX: [NK_IND] sending NK_ACK EED01043
>
> I guess the problem is that cipher is set to none instead of Blowfish but
> why ?
>
> an help would be greatly appreciated.
>
> thx
> Alex
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>
>
> ******************************************************************
> This mail message was scanned by Vidius Port Authority
> (Enterprise Edition) for unauthorized confidential and
> proprietary information.
>
> http://www.vidius.com
> ******************************************************************
>





<< | Thread Index | >> ]    [ << | Date Index | >> ]