MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYmbJjDRaEcLLtcUo34x5aA4ta is much
different from any key I've seen before. Aren't keys usually
md5sums? What key formats (and sizes) does cipe support?
On 16 Jul 2002, Mathieu Dumontet wrote:
> Hi group
> i am kind of a newbie with cipe and all that routing stuff and i really
> appreciate some help on my configuration.
> so here goes:
> I'm using two linux red-hat 7.3 firewall with the 2.4.18-3 kernel. On
> the 2 sites i have compile the cipe version 1.5.4. The sites will
> connect via the internet.
> I've got masquerading on the 2 sites with iptables, here's the rule i
> use: iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
> So here's my questions:
> -What's wrong with the following config...? Because it's not working.
> -When i Start the tunnel the first time, i have to start pkcipe for the
> key exchange, follow by cipe-cb ... right? Do i have to use ip-up and
> ip-down somewhere?
> -Did someone try the cipe configurator that come build in with red-hat
> 7.3? (redhat-config-network)
> So any help or insight would be greatly appreciate
> ***Config file and log message***
> Here's my to options files
> -Site A
> device cipcb1
> me Public IP adress of firewall on site A
> peer Public IP adress of firewall on site B
> ipaddr 192.168.1.250
> ptpaddr 192.168.10.250
> key MIICXgIBAAKBgQDji9IJlbZQ7fJZj/dX3sd3qMi7Zmxu72UUgSafDPrPwEwilT8u
> cttl 64
> -Site B
> device cipcb0
> me Public IP adress of firewall on site B
> peer Public IP adress of firewall on site A
> ipaddr 192.168.10.250
> ptpaddr 192.168.1.250
> key MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYmbJjDRaEcLLtcUo34x5aA4ta
> cttl 64
> Here's my log file on one of my firewall:
> Jul 16 10:43:21 firewall kernel: cipcb: CIPE driver vers 1.4.5 (c) Olaf
> Titz 1996-2000, 100 channels, debug=1
> Jul 16 10:43:21 firewall kernel: cipcb: cipe_alloc_dev 0
> Jul 16 10:43:21 firewall kernel: cipcb0: alloc
> Jul 16 10:43:21 firewall kernel: cipcb0: ciped version mismatch f3d2234c
> -> 25bed682
> Jul 16 10:43:21 firewall ciped-cb: opendev: alloc
> Jul 16 10:43:21 firewall /etc/hotplug/net.agent: invoke ifup cipcb0
> Jul 16 10:43:58 firewall kernel: cipcb: cipe_unalloc_dev 0
> Jul 16 10:43:58 firewall /etc/hotplug/net.agent: NET unregister event
> not supported
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
20417 SW 70th Ave.
Tualatin, OR 97062