Subject: RE: Cipe and masquerading.
From: Rod Boyce <rod_boyce,AT,stratexnet,DOT,com>
Date: Wed, 25 Sep 2002 22:50:00 +0200


Firstly, how do you know that the CIPE connection is up?
Do you have the UDP port that you are running CIPE over port forwarded from
host C to host D?  I ask this question because you say host D is running
CIPE but host C is the gateway for that network. This being the case you
have to have the UDP port that CIPE is running over forwarded from host C to
host D.
Check and recheck that you have the same MD5 key at each end of the link.

If you still have no joy let me know.  I would also suggest opening port
22 (SSH) through the firewalls to both Linux boxes; this is going to help you
greatly to be able to see both ends at the same time.

Rod Boyce.

From:   Kurt Roeckx [mailto:Q,AT,ping,DOT,be]
Sent:   Wednesday, September 25, 2002 1:08 PM
To:     cipe-l,AT,inka,DOT,de
Subject:        Cipe and masquerading.

I've been looking through the archives for my problem; it seems to
come up a lot, but I can't find the solution.

This is the setup:

host A <---> host B <---> internet <---> host C <---> host D <---> host E

Host B and C both do masquerading/nat of all traffic.
Host B and D run cipe (1.5.4) on Linux 2.4.19.
Host B and D have static routes for the other (private) nets. 

The problem:
Host B can reach both D and E.
Host A can not reach D or E, but can reach the internet.
Host D and E can reach B, not A.

I think the problem is related to host B doing both the NAT and
the cipe at the same time, but not sure what.

If host A sends something to D/E, I don't see it on the cipb0 or ppp0
device at all.

What I think should happen is that the traffic to D/E should
not be masqueraded, but just tunneled to the other side.  I tried
preventing that with iptables -t nat -I POSTROUTING -d -j
but that didn't seem to have any effect.

The packet seems to get lost when it's sent in the cipb0 device,
and never gets to ppp0.

Any idea how I can fix this?
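
Added example, not part of either message in this thread: the two firewall pieces discussed above written out as iptables rules, a UDP port forward from gateway C to host D and a NAT exemption on host B placed ahead of the masquerade rule. The port, addresses and interface names are constructed placeholders; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Constructed values (assumptions, not taken from the thread):
CIPE_PORT=9999             # UDP port CIPE is configured to use
HOST_D=192.168.2.2         # host D's private address behind gateway C
REMOTE_NET=192.168.2.0/24  # private net behind C, as routed from B
C_EXT_IF=ppp0              # C's internet-facing interface
B_EXT_IF=ppp0              # B's internet-facing interface

# Print each command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# On host C: hand incoming CIPE packets to host D and let them through.
rules_host_c() {
    run iptables -t nat -A PREROUTING -i "$C_EXT_IF" -p udp \
        --dport "$CIPE_PORT" -j DNAT --to-destination "$HOST_D:$CIPE_PORT"
    run iptables -A FORWARD -i "$C_EXT_IF" -p udp -d "$HOST_D" \
        --dport "$CIPE_PORT" -j ACCEPT
}

# On host B: ACCEPT in nat/POSTROUTING ends rule traversal, so packets
# bound for the remote private net are never rewritten. It is inserted
# first (-I); masquerading is limited to the internet-facing interface.
rules_host_b() {
    run iptables -t nat -I POSTROUTING -d "$REMOTE_NET" -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$B_EXT_IF" -j MASQUERADE
}

rules_host_c
rules_host_b
```

After applying, `iptables -t nat -L POSTROUTING -n -v` on host B shows per-rule packet counters, which tells you which of the two rules the traffic from host A is actually hitting.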


