| Subject: | PKCIPE will not reconnect |
| From: | "Brett Johnson" <mlcipe,AT,k50,DOT,net> |
| Date: | Thu, 23 Jan 2003 03:34:15 +0100 |
(COUGH COUGH someone may find this a little bit helpful in setting up pkcipe COUGH GASP)

I've been having this problem off and on for a while, but it's now causing enough problems to be moved up my priority list. I've dug through the mailing list archives but didn't seem to find anything related to this problem.

I have a few firewalls I do CIPE VPNs between, using PKCIPE for all the connection stuff. I run Red Hat 7.3 and 8.0 boxes. I compile the kernel from kernel.org. On each box I've removed the RH cipe*.rpm and have compiled cipe-1.5.4. To be clear, I stay away from Red Hat kernels and the old version of CIPE they never seem to upgrade.

My 2 systems currently being used for trying to fix this problem:

"chihuahua.net.k90.dynamic.dhcp" is my RH80 box with kernel 2.4.20. I have an internal DHCP server with DDNS set up on this box for my LAN. That's why the name is so long.
    Real Internet IP is 65.71.225.187
    Internal IP is 192.168.25.1
    This box is the PKCIPE "client".

"confidence.k50.net" is my RH73 box with kernel 2.4.18.
    Real Internet IP is 65.172.141.2
    Internal IP is 172.16.1.2
    This box is the PKCIPE "server".

When the VPNs are up and running they work great. I do not believe this is a configuration issue on my side... otherwise I'd never have gotten the first VPN running to begin with.

Sometimes one of those VPNs will die off for various reasons (usually death by ISP). Sometimes I can reconnect it using PKCIPE, most of the time I cannot. I've tried many different things, but I haven't been able to really find the source of the problem.

Usually I will do a reconnect the brutal way... on each box I'll clean up by:

    ps axw | grep cipe
    kill cipe pids
    ps axw | grep ping
    kill any pings laying around
    rm /var/run/cipe/*
    rmmod cipcb
    modprobe cipcb
    sometimes I'll restart xinetd just for the fun of it.

"ifconfig cipcb* down" is pointless as the interface is already gone by this point (if it wasn't gone already).

Now, *in theory*, this should hard reset both boxes and make them clean for a new connection, right? (As in, I'm troubleshooting and totally starting the connection process over.)

All keys used with pkcipe are chmod 400 and owned by root.

Key/Profile on chihuahua:
/etc/cipe/pk/confidence.k50.net

    -----BEGIN PUBLIC KEY-----
    <4 lines cut>
    -----END PUBLIC KEY-----
    ipaddr 192.168.25.9
    ptpaddr 172.16.1.248
    maxerr 4
    ping 12
    toping 5

Key/Profile on confidence:
/etc/cipe/pk/chihuahua.net.k90.dynamic.dhcp

    -----BEGIN PUBLIC KEY-----
    <4 lines cut>
    -----END PUBLIC KEY-----
    ipaddr 172.16.1.248
    ptpaddr 192.168.25.9
    maxerr 4
    ping 12
    toping 5

The public keys cut out do match the identity file of the peer machines (this config has worked before).