<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: CIPE ports (was Re: CIPE, windows 2000 configuration (SOLVED))
From: "Dick St.Peters" <stpeters,AT,NetHeaven,DOT,com>
Date: Thu, 29 Aug 2002 18:53:58 +0200
In-reply-to: <Pine.LNX.4.44.0208291651430.2211-100000@echelon.adpsoft.com>

As long as the topic of ports came up, something I've been wondering
about ... one of my CIPE users is configured at my end to connect from
port 1999: 
        peer            0.0.0.0:1999

However, he frequently connects (successfully) from port 1024.  The
pattern seems to be that each time his ADSL IP is changed he first
connects from port 1999, then a few days later his port switches to
1024.

This isn't a question but more like a perplexed observation ...

CIPE 1.5.2/Linux 2.2.19 at my end, I'm not sure what he's using,
except that it's Linux of some kind.

--
Dick St.Peters, stpeters,AT,NetHeaven,DOT,com 

Damion Wilson writes:
> At least one peer must have a fixed address. The host with the "floating" 
> (0.0.0.0) address must send the first packet. It's peer will deduce the 
> return address from the packet itself.
> 
> Each side must listen on a fixed port. Are you confusing ports and 
>addresses ?
> 
> DKW
> 
> On Thursday 29 August 2002 12:06 pm, you wrote:
> > AAAAAAALEEEELUUUUUUYAAAAAAAAAA!!! X-]
> > Ok, I had stoped the DKW Heavy Industries VPN Adapter. Service into my
> > w2k.
> > I started it nad now the vpn circuit runs correctly :-))))))))
> >
> > I only wat to ask few questions.
> > I am going to use cipe with a road-warrior, a w2k box,
> > Does 0.0.0.0 match any ip address?
> > should I configured a fixed port into that w2k box always?
> >
> > Thanks for the help :)
> >
> > On Thu, 29 Aug 2002, Damion Wilson wrote:
> > > The encryption/decryption of CIPE happens in ciped-cb on Linux and the
> > > service cipsrvr.exe on Windows. These must be running for anything to
> > > happen.
> > >
> > > Both sides must have fixed ports configured. The remote port of one must
> > > match the local port of the other.
> > >
> > > On Thursday 29 August 2002 09:05 am, you wrote:
> > > > > I don't think that Windows is convinced of your CLASS_C netmask with
> > > > > a CLASS_A network address (10.0.0.x).
> > > >
> > > > the mask is correct, isn't it?
> > > > It is a class A, 10.0.0.0/8
> > > >
> > > > > Also, I presume that the CIPE-Win32 service is running as is
> > > > > /usr/sbin/ciped-cb -o /etc/cipe/options.
> > > >
> > > > I don't know
> > > >
> > > > > Are both peers setup to listen to port 3333 ?
> > > >
> > > > The windows 2000 don't has a fixed port configured.
> > > >
> > > > > DKW
> > > > >
> > > > > On Wednesday 28 August 2002 03:34 pm, you wrote:
> > > > > > Ah! ok I didn't know anything about that bug.
> > > > > >
> > > > > > Well, here is some useful information:
> > > > > > cipcb0    Link encap:IPIP Tunnel  HWaddr
> > > > > >           inet addr:10.10.10.1  P-t-P:10.10.10.101
> > > > > > Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP  MTU:1442 
> > > > > > Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX
> > > > > > packets:16 errors:0 dropped:0 overruns:0 carrier:0 collisions:0
> > > > > > txqueuelen:100
> > > > > >           RX bytes:0 (0.0 b)  TX bytes:1728 (1.6 Kb)
> > > > > >
> > > > > > # cat /etc/cipe/options.cipcb0
> > > > > > # IPs reales
> > > > > > me 172.16.0.10:3333
> > > > > > peer 172.16.0.1
> > > > > >
> > > > > > # Circuito VPN
> > > > > > ipaddr  10.10.10.1
> > > > > > ptpaddr 10.10.10.101
> > > > > >
> > > > > > # Llave
> > > > > > key = f0274bb895d44b1eb9a89nnf0f0df
> > > > > >
> > > > > > # cat /etc/sysconfig/network-scripts/ifcfg-cipcb0
> > > > > > DEVICE=cipcb0
> > > > > > ONBOOT=yes
> > > > > > USERCTL=no
> > > > > >
> > > > > > Ok now the steps I do in the windows 2000 pro box:
> > > > > > 1- edit tcp/ip options into the cipe device, and configured an ip
> > > > > > address and mask (10.10.10.101/255.255.255.0). No gateway neither
> > > > > > dns servers. 2- from control panel I edit the cipe settings and
> > > > > > created a new peer, with the vpn info.
> > > > > > 3- I try to ping over the VPN circuit without response
> > > > > >
> > > > > > here is the route table of my w2k pro:
> > > > > >
> > > > > > 
>===================================================================
> > > > > >==== ==== Rutas activas:
> > > > > > Destino de red        Máscara de red   Puerta de acceso   Interfaz
> > > > > > Métrica 0.0.0.0          0.0.0.0      172.16.0.10      172.16.0.1
> > > > > > 1 10.0.0.0        255.0.0.0     10.10.10.101    10.10.10.101      
>1
> > > > > > 10.10.10.101  255.255.255.255        127.0.0.1       127.0.0.1    
> 
> > > > > > 1 10.255.255.255  255.255.255.255     10.10.10.101    
>10.10.10.101 
> > > > > >     1 127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1 
> 
> > > > > >    1 172.16.0.0    255.255.255.0       172.16.0.1      172.16.0.1 
> 
> > > > > >    1 172.16.0.1  255.255.255.255        127.0.0.1       127.0.0.1 
> 
> > > > > >    1 172.16.255.255  255.255.255.255       172.16.0.1     
> > > > > > 172.16.0.1      1 224.0.0.0        224.0.0.0     10.10.10.101   
> > > > > > 10.10.10.101      1 224.0.0.0        224.0.0.0       172.16.0.1   
> 
> > > > > >  172.16.0.1      1 255.255.255.255  255.255.255.255      
> > > > > > 172.16.0.1      172.16.0.1 1 Puerta de enlace predeterminada:     
> 
> > > > > > 172.16.0.10
> > > > > > 
>===================================================================
> > > > > >==== ==== Rutas persistentes:
> > > > > >   ninguno
> > > > > >
> > > > > >
> > > > > > Is anything wrong?
> > > > > >
> > > > > > On Wed, 28 Aug 2002, Damion Wilson wrote:
> > > > > > > I can try.
> > > > > > >
> > > > > > > Make sure the CIPE service is running. Also, there's a bug in 
>the
> > > > > > > control panel dialog where it doesn't save field contents
> > > > > > > properly all the time, so check to make sure that the static key
> > > > > > > and other settings are correct by reentering the control panel
> > > > > > > applet after exiting.
> > > > > > >
> > > > > > > DKW
> > > > > > >
> > > > > > > On Wednesday 28 August 2002 02:17 pm, you wrote:
> > > > > > > > Hi Damion,
> > > > > > > >
> > > > > > > > Thanks for your answer. :-]
> > > > > > > > I did that, but CIPE doesn't run, I can't connect.
> > > > > > > > I configured and ip address and mask in the cipe network
> > > > > > > > adapter. Then I went to cipe settings and configured the VPN.
> > > > > > > >
> > > > > > > > Are those steps corrects?
> > > > > > > > Can you give me hand with cipe?
> > > > > > > >
> > > > > > > > See you.
> > > > > > > >
> > > > > > > > On Wed, 28 Aug 2002, Damion Wilson wrote:
> > > > > > > > > Yes. The Cipe network adapter must be configured via TCP/IP
> > > > > > > > > settings before it can have peers added to it via the Cipe
> > > > > > > > > control panel applet.
> > > > > > > > >
> > > > > > > > > DKW
> > > > > > > > >
> > > > > > > > > On Wednesday 28 August 2002 12:22 pm, Docume wrote:
> > > > > > > > > > Hi again,
> > > > > > > > > >
> > > > > > > > > > I resolve the problem with cipe and my linux server, I 
>have
> > > > > > > > > > it running correctly. Now the problem is how to configure
> > > > > > > > > > my windows 2000
> > > > > > > > > >
> > > > > > > > > > I note that there is a new open into my control panel
> > > > > > > > > > called CIPE Settings, I configured the connection there,
> > > > > > > > > > but I can't connect yet to my linux and I don't know the
> > > > > > > > > > reason.
> > > > > > > > > >
> > > > > > > > > > Should I need to configure the cipe interface, the tcp/ip
> > > > > > > > > > settings?
> 
> 
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: 
><URL:http://sites.inka.de/~bigred/devel/cipe.html>





<< | Thread Index | >> ]    [ << | Date Index | >> ]