<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: ping fails sometimes
From: "Berghmans, Peter" <Peter.Berghmans,AT,khm,DOT,be>
Date: Wed, 5 Jun 2002 13:43:54 +0200

Wolfgang, all

Here is a more detailled description of my problem: ping works now and
then.

First my setup:

Cipe 1.4.6 (disabled dyndev) runs on a floppy (both ends, based on
floppyfw), based on 2.2.20. Module is ok, cipcb0 comes up (thanks you
Wolfgang).

configurations:

PC1
ptpaddr 10.0.0.1
ipaddr 172.16.0.1
me 0.0.0.0:8016
peer 12.0.0.44:8017
key aaaaaaa
cttl 64
maxerr -1

PC2
ptpaddr 172.16.0.1
ipaddr 10.0.0.1
me 0.0.0.0:8017
peer 12.0.0.43:8016
key aaaaaaa
cttl 64
maxerr -1

some routing-information:
PC1
Destination      GW    iface
10.0.0.1/32          *    cipcb0
172.16.0.0/16     *    eth1
12.0.0.0               *    eth0

PC2
Destination      GW    iface
172.16.0.1/32     *    cipcb0
10.0.0.0/8            *    eth1
12.0.0.0               *    eth0

results of ping 172.16.0.1 (PC2) same as 10.0.0.1 (PC1)
ping works 4 or 5 times, then lots of packets get lost. After a while
ping restarts for 4 or 5 times, and so on.

Now and then I log this:
cipcb0: cipe_recvmesg
cipcb0: cipe_sendmsg
cipcb0: setkey

There is no firewall and no masquerading (eventhough I first tried with
my masquerading rules active, same result)

Whats the solution to this (strange) behaviour?

Peter

-----Original Message-----
From:   Wolfgang Ailec
Sent:   Wed 6/5/2002 9:37
To:     Berghmans, Peter; cipe-l,AT,inka,DOT,de
Cc:     
Subject:        RE: cipe on a floppy

Hallo Peter,
this error may come from the bind system call which returned
EINVAL in 2 cases:
1. The socket is already bound to an address, which means, that
    another process is using this socket (another ciped-cb?)
2. The addrlen is wrong, or the socket was not in the AF_UNIX family.

I experienced a third case, if I use an IP Address, which is not bound
to any local interface, I will get the same error message (Kernel
2.2.19,
not on kernel 2.4.x)

Maybe it will help using the line

me 0.0.0.0:7016

instead the original one in the options file and/or change the port
numbers to be really sure, that the ports you are using are not in use
by another process. I hope that something of this will help.
Good Luck!

Wolfgang

At 11:37 PM 6/4/02 +0200, Berghmans, Peter wrote:
>Wolfgang
>
>Thank you for your help. I checked things out .
>
>Now, I've got a different error:
>
>opendev: bind: invalid argument...
>
>-----Original Message-----
>From:   Wolfgang Ailec
>Sent:   Tue 6/4/2002 22:41
>To:     Berghmans, Peter; cipe-l,AT,inka,DOT,de
>Cc:
>Subject:        Re: cipe on a floppy
>
>Hi,
>I think you forgot to set the right permissions on the options file.
>As I remember it is necessary to set the permissions to 0600 and the
>file must be owned by root (so that nobody else could read the key :-)
>
>Wolfgang
>
>At 10:29 PM 6/4/02 +0200, Berghmans, Peter wrote:
>
> >Hi
> >
> >Like I stated earlier on this mailinglist, I was trying to put cipe
on
>a
> >floppy-based firewall/vpn solution. I use floppyfw
>(www.zelow.no/floppyfw)
> >for this. Cipe has version 1.4.6.
> >
> >The result of my work is that cipe exits with the message 'cipecb:
>missing
> >argument: peer'. Below the steps I have done.
> >
> >1. Compiled kernel 2.2.20 (with versioned symbols and ipforwarding).
> >2. Compiled cipe against the source of 2.2.20 (once with the option
> >--disable-dyndev and once without. No difference as result).
> >3. Copied the new kernel, together with
> >       ciped.o
> >       ciped-cb
> >       ip-up
> >       ip-down
> >       options
> >      to the floppy and booted with this
> >4. load the module with 'insmod ciped.o'
> >5. check the module with lsmod (ok)
> >6. start the config with 'ciped-cb -o /etc/cipe/options
device=cipcb0'
> >(...where things go wrong)
> >
> >here is the contents of 'options':
> >
> >ptpaddr 10.11.14.1
> >ipaddr 10.0.1.7
> >me x.x.x.x.14:7016
> >peer y.y.y.y:7017
> >key aaaaaaaa
> >cttl 64
> >maxerr -1
> >
> >As you can see, peer is there, but I don't think this is the problem.
> >Note: my floppyfw has only insmod as tool to handle modules. modprobe
> >isn't provided. this is why I setted the --disable-dyndev option at
> >config-time.
> >
> >Is there anyone who can help me out with this?
> >
> >Note: my previous question was about a segmentation fault while
>starting
> >ciped-cb. This was because of wrong libs. This problem has been
>solved...
> >So the libs are ok!
>
>------------------------------------------
>Ing. Wolfgang Ailec, ACP IT Solutions GmbH
>(vormals INTAKT Telekommunikation GmbH)
>Faerberberg 69             A-8330 Feldbach
>email: W.Ailec,AT,awe,DOT,at, Ailec,AT,intakt,DOT,at
>Tel.No.: +43 3152 30300
>Fax.No.: +43 2235 4362211
>WWW : <http://www.intakt.at/>
>    <http://www.awe.at/> <http://www.acp.at>
>------------------------------------------
>
>
>
>
>

------------------------------------------
Ing. Wolfgang Ailec, ACP IT Solutions GmbH
(vormals INTAKT Telekommunikation GmbH)
Faerberberg 69             A-8330 Feldbach
email: W.Ailec,AT,awe,DOT,at, Ailec,AT,intakt,DOT,at
Tel.No.: +43 3152 30300
Fax.No.: +43 2235 4362211
WWW : <http://www.intakt.at/>
   <http://www.awe.at/> <http://www.acp.at>
------------------------------------------

Attachment: bin00001.bin
Description: "winmail.dat"


<< | Thread Index | >> ]    [ << | Date Index | >> ]