| Subject: | pkcipe has its own ideas about UDP ports |
| From: | Al Grimstad <al,AT,grimstad,DOT,mv,DOT,com> |
| Date: | Sat, 27 Jul 2002 21:56:38 +0200 |
I've been using cipe successfully for quite some time without pkcipe. Now, I want to use pkcipe too for what appears to be its nice way of dealing with dynamic addresses. I've gotten a cipe tunnel working using pkcipe (v 1.5.4), but hardly the way I want it to work. The problem is that I can't seem to control the UDP ports of the tunnel pkcipe sets up. Let's forget about dynamic addresses initially just to overcome this problem.

Here's the /etc/cipe/pk/host file I'm using for the initiator of pkcipe. The hostname of the peer is "bramble". Its corresponding pk/host file is equivalent; nothing fancy in it. Remote invocation is via inetd, all following the recipe.

    # more bramble
    -----BEGIN PUBLIC KEY-----
    ...
    -----END PUBLIC KEY-----
    # spoke config
    # cipe addresses
    ptpaddr 10.10.10.2
    ipaddr 10.10.10.1
    # transport addresses
    peer 192.168.200.2:18209
    me 192.168.200.1:18208
    # scripts
    ipup /etc/cipe/bramble/ip-up.sh
    ipdown /etc/cipe/bramble/ip-down.sh

Here's the last part of the pkcipe -d255 output:

    handlePacket 257 14/14
    Good signature
    packetSend: 2a 50 46 (23)
    0000: 166d 653d 3139 322e 3136 382e 3230 302e .me=192.168.200.
    0010: 313a 3130 3331 ac 1:1031¬
    packetRecv: 2a 50 47 (23)
    0000: 166d 653d 3139 322e 3136 382e 3230 302e .me=192.168.200.
    0010: 323a 3332 3830 36eb 2:32806ë
    handlePacket 23 16/16
    negotiate: me=192.168.200.2:32806
    lockMaster
    starting /usr/local/sbin/ciped-cb for peer bramble
    packetSend: 2a 50 5e (15)
    0000: 1573 7461 7274 6564 2063 6970 6564 31 .started ciped1
    unlockMaster
    packetRecv: 2a 50 5e (14)
    0000: 1573 7461 7274 6564 2063 6970 6564 31 .started ciped1
    handlePacket 14 15/15
    packetSend: 2a 50 56 (7)
    0000: 0272 6561 6479 17 .ready.

Note that the UDP port negotiated was not the one I asked for. Is this simply broken, or is there something I'm missing?

-- al
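An added example, not part of the original post: a Python check that rebuilds each dumped packet from the hex columns of the `pkcipe -d255` output quoted above (the `me=` string spans two dump rows), extracts the announced `ip:port`, and compares it with the `me`/`peer` lines of the pk/host file. It assumes, without confirmation from the post, that on the initiator a `packetSend` announcement is the local endpoint and a `packetRecv` announcement is the peer's; all function names are hypothetical.

```python
import re

# Excerpts copied from the post above; only the lines this check needs.
HOST_CONFIG = "peer 192.168.200.2:18209\nme 192.168.200.1:18208\n"
DEBUG_LOG = """\
packetSend: 2a 50 46 (23)
0000: 166d 653d 3139 322e 3136 382e 3230 302e .me=192.168.200.
0010: 313a 3130 3331 ac 1:1031¬
packetRecv: 2a 50 47 (23)
0000: 166d 653d 3139 322e 3136 382e 3230 302e .me=192.168.200.
0010: 323a 3332 3830 36eb 2:32806ë
handlePacket 23 16/16
"""

ENDPOINT = re.compile(rb"me=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")
# Offset, then hex groups of 2 or 4 digits; the ASCII column is ignored.
HEX_ROW = re.compile(r"[0-9a-f]{4}: ((?:(?:[0-9a-f]{4}|[0-9a-f]{2}) )+)")

def configured_endpoints(text):
    """Return {'me': (ip, port), 'peer': (ip, port)} from a pk/host file."""
    rows = re.findall(r"^(me|peer)[ \t]+(\S+):(\d+)[ \t]*$", text, re.M)
    return {key: (ip, int(port)) for key, ip, port in rows}

def announced_endpoints(log):
    """Rebuild each dumped packet from its hex columns, then find me=ip:port."""
    packets = []  # each entry: [direction, payload bytes]
    for line in log.splitlines():
        head = re.match(r"packet(Send|Recv):", line)
        row = HEX_ROW.match(line)
        if head:
            packets.append([head.group(1), b""])
        elif row and packets:
            packets[-1][1] += bytes.fromhex(row.group(1).replace(" ", ""))
    out = {}
    for direction, data in packets:
        m = ENDPOINT.search(data)
        if m:  # assumption: a sent announcement is "me", a received one "peer"
            side = "me" if direction == "Send" else "peer"
            out[side] = (m.group(1).decode(), int(m.group(2)))
    return out

def port_mismatches(config, log):
    """Return {side: (configured_port, announced_port)} where the two differ."""
    cfg, seen = configured_endpoints(config), announced_endpoints(log)
    return {s: (cfg[s][1], seen[s][1])
            for s in cfg if s in seen and cfg[s][1] != seen[s][1]}

if __name__ == "__main__":
    print(port_mismatches(HOST_CONFIG, DEBUG_LOG))
```

A non-empty result means a packet filter written for the configured ports will not match the tunnel's actual UDP traffic.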