<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Cannot get traffic across CIPE link
From: Edmund von der Burg <edmund,AT,ecclestoad,DOT,co,DOT,uk>
Date: Wed, 18 Sep 2002 20:09:01 +0200

Hello,

I am trying to set up a VPN between two static IP addresses.

The link is established but no traffic can be sent down it.  Running with
debug shows NK_REQ and ACK on both sides but all pings are lost, as is all
other traffic.

I have opened up the iptables code as much as possible but it has no effect
(standard INPUT, OUTPUT and FORWARD policies are ACCEPT). Other
communications between the two computers are fine.

Please could someone spot the stupid error I am probably making or give me
some pointers as to where I should start to look.

Cheers,

Edmund.

#### relevant details ####

host1 eth0 is on subnet 10.1.0.0/255.255.0.0
host1 eth1 is on 217.206.184.50

host2 eth0 is on subnet 10.2.0.0/255.255.0.0
host2 eth1 is on 213.152.52.194

# /etc/cipe/options on host1 (bogus key) #
device          cipcb0
ptpaddr         10.2.1.6
ipaddr          10.1.1.6
me              217.206.184.50:1001
peer            213.152.52.194:1002
key             776751628587f72800b2e66bfca1e303

# /etc/cipe/options on host2 (bogus key) #
device          cipcb0
ptpaddr         10.1.1.6
ipaddr          10.2.1.6
me              213.152.52.194:1002
peer            217.206.184.50:1001
key             776751628587f72800b2e66bfca1e303

# output of route -n on host1 #
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.2.1.6        0.0.0.0         255.255.255.255 UH    0      0        0 cipcb0
217.206.184.48  0.0.0.0         255.255.255.248 U     0      0        0 eth1
10.2.0.0        10.2.1.6        255.255.0.0     UG    0      0        0 cipcb0
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         217.206.184.49  0.0.0.0         UG    0      0        0 eth1

# output of route -n on host2 #
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.1.6        0.0.0.0         255.255.255.255 UH    0      0        0 cipcb0
213.152.52.192  0.0.0.0         255.255.255.252 U     0      0        0 eth1
10.2.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.1.0.0        10.1.1.6        255.255.0.0     UG    0      0        0 cipcb0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         213.152.52.193  0.0.0.0         UG    0      0        0 eth1

# Initial log output on starting of ciped-cb on host1 #
# ciped-cb is already up on host2 #
Sep 18 18:47:01 hillary ciped-cb[20161]: CIPE daemon vers 1.5.4 (c) Olaf Titz 
1996-2000
Sep 18 18:47:01 hillary kernel: cipcb0: alloc
Sep 18 18:47:01 hillary kernel: cipcb0: setpar
Sep 18 18:47:01 hillary kernel: cipcb0: setkey
Sep 18 18:47:01 hillary kernel: cipcb0: attach
Sep 18 18:47:01 hillary kernel: cipcb0: opened
Sep 18 18:47:01 hillary kernel: cipcb0: cipe_sendmsg
Sep 18 18:47:01 hillary kernel: cipcb0: cipe_recvmsg
Sep 18 18:47:01 hillary ciped-cb[20161]: peer configuration info: proto=3, 
crypto=b, version=1.5, correct key parser
Sep 18 18:47:01 hillary kernel: cipcb0: cipe_recvmsg
-- start to try pinging 10.2.1.6 --
Sep 18 18:47:23 hillary kernel: cipcb0: cipe_sendmsg
Sep 18 18:47:23 hillary kernel: cipcb0: setkey
Sep 18 18:47:23 hillary kernel: cipcb0: cipe_recvmsg
Sep 18 18:47:23 hillary kernel: cipcb0: cipe_sendmsg
Sep 18 18:47:23 hillary kernel: cipcb0: cipe_recvmsg
Sep 18 18:47:23 hillary kernel: cipcb0: setkey
Sep 18 18:47:23 hillary kernel: cipcb0: cipe_sendmsg
Sep 18 18:47:23 hillary kernel: cipcb0: cipe_recvmsg
-- continues like this --

# host2 is very much like above #





<< | Thread Index | >> ]    [ << | Date Index | >> ]