<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Cannot get traffic across CIPE link - how it was fixed
From: Edmund von der Burg <edmund,AT,ecclestoad,DOT,co,DOT,uk>
Date: Fri, 20 Sep 2002 10:19:17 +0200

I found out what was wrong and how to fix it.

It either appears to be that I needed to change kernel to 2.4.19 from 2.4.2
(unlikely) or that IP tunnelling needed to be turned on it the kernel.

I was inspired to try this when I though of giving Open VPN a go, but it
needed IP Tunnelling - hence the recompile and the now working CIPE.

As CIPE now seems to work nicely I shall stick with it.

Thank you to those who replied to this message.

Cheers,

Edmund.

On Wed, Sep 18, 2002 at 06:54:04PM +0100, Edmund von der Burg wrote:
> 
> Hello,
> 
> I am trying to set up a VPN between two static IP addresses.
> 
> The link is established but no traffic can be sent down it.  Running with
> debug shows NK_REQ and ACK on both sides but all pings are lost, as is all
> other traffic.
> 
> I have opened up the iptables code as much as possible but it has no effect
> (standard INPUT, OUTPUT and FORWARD policies are ACCEPT). Other
> communications between the two computers are fine.
> 
> Please could someone spot the stupid error I am probably making or give me
> some pointers as to where I should start to look.
> 
> Cheers,
> 
> Edmund.
> 
> 
> #### relevant details ####
> 
> host1 eth0 is on subnet 10.1.0.0/255.255.0.0
> host1 eth1 is on 217.206.184.50
> 
> host2 eth0 is on subnet 10.2.0.0/255.255.0.0
> host2 eth1 is on 213.152.52.194
> 
> 
> # /etc/cipe/options on host1 (bogus key) #
> device                cipcb0
> ptpaddr               10.2.1.6
> ipaddr                10.1.1.6
> me            217.206.184.50:1001
> peer          213.152.52.194:1002
> key           776751628587f72800b2e66bfca1e303
> 
> # /etc/cipe/options on host2 (bogus key) #
> device          cipcb0
> ptpaddr         10.1.1.6
> ipaddr          10.2.1.6
> me              213.152.52.194:1002
> peer            217.206.184.50:1001
> key           776751628587f72800b2e66bfca1e303
> 
> 
> # output of route -n on host1 #
> Destination     Gateway         Genmask         Flags Metric Ref    Use 
>Iface
> 10.2.1.6        0.0.0.0         255.255.255.255 UH    0      0        0 
>cipcb0
> 217.206.184.48  0.0.0.0         255.255.255.248 U     0      0        0 eth1
> 10.2.0.0        10.2.1.6        255.255.0.0     UG    0      0        0 
>cipcb0
> 10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         217.206.184.49  0.0.0.0         UG    0      0        0 eth1
> 
> # output of route -n on host2 #
> Destination     Gateway         Genmask         Flags Metric Ref    Use 
>Iface
> 10.1.1.6        0.0.0.0         255.255.255.255 UH    0      0        0 
>cipcb0
> 213.152.52.192  0.0.0.0         255.255.255.252 U     0      0        0 eth1
> 10.2.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 10.1.0.0        10.1.1.6        255.255.0.0     UG    0      0        0 
>cipcb0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         213.152.52.193  0.0.0.0         UG    0      0        0 eth1
> 
> 
> # Initial log output on starting of ciped-cb on host1 #
> # ciped-cb is already up on host2 #
> Sep 18 18:47:01 hillary ciped-cb[20161]: CIPE daemon vers 1.5.4 (c) Olaf 
>Titz 1996-2000
> Sep 18 18:47:01 hillary kernel: cipcb0: alloc
> Sep 18 18:47:01 hillary kernel: cipcb0: setpar
> Sep 18 18:47:01 hillary kernel: cipcb0: setkey
> Sep 18 18:47:01 hillary kernel: cipcb0: attach
> Sep 18 18:47:01 hillary kernel: cipcb0: opened
> Sep 18 18:47:01 hillary kernel: cipcb0: cipe_sendmsg
> Sep 18 18:47:01 hillary kernel: cipcb0: cipe_recvmsg
> Sep 18 18:47:01 hillary ciped-cb[20161]: peer configuration info: proto=3, 
>crypto=b, version=1.5, correct key parser
> Sep 18 18:47:01 hillary kernel: cipcb0: cipe_recvmsg
> -- start to try pinging 10.2.1.6 --
> Sep 18 18:47:23 hillary kernel: cipcb0: cipe_sendmsg
> Sep 18 18:47:23 hillary kernel: cipcb0: setkey
> Sep 18 18:47:23 hillary kernel: cipcb0: cipe_recvmsg
> Sep 18 18:47:23 hillary kernel: cipcb0: cipe_sendmsg
> Sep 18 18:47:23 hillary kernel: cipcb0: cipe_recvmsg
> Sep 18 18:47:23 hillary kernel: cipcb0: setkey
> Sep 18 18:47:23 hillary kernel: cipcb0: cipe_sendmsg
> Sep 18 18:47:23 hillary kernel: cipcb0: cipe_recvmsg
> -- continues like this --
> 
> # host2 is very much like above #
> 
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: 
><URL:http://sites.inka.de/~bigred/devel/cipe.html>

-- 
 ***********************************************************
 *** Edmund von der Burg ***   edmund,AT,ecclestoad,DOT,co,DOT,uk   ***
 ***    Eccles & Toad    *** http://www.ecclestoad.co.uk ***
 ***********************************************************





<< | Thread Index | >> ]    [ << | Date Index | >> ]