<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Cipe basic... i think?
From: ewheeler,AT,kaico,DOT,com
Date: Wed, 17 Jul 2002 00:05:38 +0200
In-reply-to: <1026834233.26971.93.camel@gothmog.inteplanlan.net>

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYmbJjDRaEcLLtcUo34x5aA4ta is much
different from any key I've seen before.  Aren't keys usually
md5sums?  What key formats (and sizes) does cipe support?

--Eric

On 16 Jul 2002, Mathieu Dumontet wrote:

> Hi group
> 
> i am kind of a newbie with cipe and all that routing stuff and i really
> appreciate some help on my configuration.
> 
> so here goes: 
> 
> I'm using two linux red-hat 7.3 firewall with the 2.4.18-3 kernel. On
> the 2 sites i have compile the cipe version 1.5.4. The sites will
> connect via the internet.    
> 
> I've got masquerading on the 2 sites with iptables, here's the rule i
> use: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
> 
> So here's my questions:
> 
> -What's wrong with the following  config...? Because it's not working.
> 
> -When i Start the tunnel the first time, i have to start pkcipe for the
> key exchange, follow by cipe-cb ... right? Do i have to use ip-up and
> ip-down somewhere?
> 
> -Did someone try the cipe configurator that come build in with red-hat
> 7.3? (redhat-config-network)
> 
> So any help or insight would be greatly appreciate
> 
> thanks
> 
> mathieu 
> 
> 
> ***Config file and log message***
> 
> Here's my to options files
> 
> -Site A
> 
> device  cipcb1
> me      Public IP adress of firewall on site A
> peer    Public IP adress of firewall on site B
> ipaddr  192.168.1.250
> ptpaddr 192.168.10.250
> key    MIICXgIBAAKBgQDji9IJlbZQ7fJZj/dX3sd3qMi7Zmxu72UUgSafDPrPwEwilT8u
> cttl 64
> 
> -Site B
> 
> device  cipcb0
> me      Public IP adress of firewall on site B
> peer    Public IP adress of firewall on site A
> ipaddr  192.168.10.250
> ptpaddr 192.168.1.250
> key     MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYmbJjDRaEcLLtcUo34x5aA4ta
> cttl 64
> 
> Here's my log file on one of my firewall:
> 
> Jul 16 10:43:21 firewall kernel: cipcb: CIPE driver vers 1.4.5 (c) Olaf
> Titz 1996-2000, 100 channels, debug=1
> Jul 16 10:43:21 firewall kernel: cipcb: cipe_alloc_dev 0
> Jul 16 10:43:21 firewall kernel: cipcb0: alloc
> Jul 16 10:43:21 firewall kernel: cipcb0: ciped version mismatch f3d2234c
> -> 25bed682
> Jul 16 10:43:21 firewall ciped-cb[30885]: opendev: alloc
> Jul 16 10:43:21 firewall /etc/hotplug/net.agent: invoke ifup cipcb0
> Jul 16 10:43:58 firewall kernel: cipcb: cipe_unalloc_dev 0
> Jul 16 10:43:58 firewall /etc/hotplug/net.agent: NET unregister event
> not supported
> 
> 
> 
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: 
><URL:http://sites.inka.de/~bigred/devel/cipe.html>
> 

-- 

Eric Wheeler
Network Administrator
KAICO
20417 SW 70th Ave.
Tualatin, OR 97062
www.kaico.com
Voice: 503.692.5268





<< | Thread Index | >> ]    [ << | Date Index | >> ]