<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: RE: cannot ping the tunnel
From: SBNelson,AT,thermeon,DOT,com
Date: Wed, 12 Feb 2003 15:47:13 +0100

Can you ping one system from the other, using the public IP addresses (that
is, over the internet, not over the VPN)?
Are the keys identical on both systems?
Are the me/peer settings on one system the mirror image of the settings on
the other system?
What is the output from iptables-save and ipchains-save?  (Sometimes YOU
didn't add firewall logic, but maybe it came that way).

> -----Original Message-----
> From: Swavek Hryniewicz [SMTP:swavek,AT,spmresorts,DOT,com
> Sent: Tuesday, February 11, 2003 5:49 PM
> To:   cipe-l,AT,inka,DOT,de
> Subject:      cannot ping the tunnel
> 
> Hello everyone,
> 
> I can't seem to get cipe to work on my setup and I have been working on it
> for over a week now, so any help would be appreciated.
> 
> Anyway I'm trying to set it up between two linux boxes that at the time
> being are not running any kind of firewall.
> 
> Here is a setup for the first one: /etc/cipe/options
> 
> # the peer's IP address
> ptpaddr         192.168.100.2
> # our CIPE device's IP address
> ipaddr          192.168.100.1
> # my UDP address. Note: if you set port 0 here, the system will pick
> # one and tell it to you via the ip-up script. Same holds for IP 0.0.0.0.
> me              xxxx.xxxx.xxx.xxxx:9999
> # ...and the UDP address we connect to. Of course no wildcards here.
> peer            xxxx.xxxx.xxxx.xxx:9999
> # The static key. Keep this file secret!
> # The key is 128 bits in hexadecimal notation.
> key             xxxxxxxxxxxxxxxxxxxxx
> 
> 
> Here is the setup for the second one: /etc/cipe/options
> 
> # the peer's IP address
> ptpaddr   192.168.100.1
> # our CIPE device's IP address
> ipaddr    192.168.100.2
> # my UDP address. Note: if you set port 0 here, the system will pick
> # one and tell it to you via the ip-up script. Same holds for IP 0.0.0.0.
> me        xxxx.xxxxx.xxxx.xxxx:9999
> # ...and the UDP address we connect to. Of course no wildcards here.
> peer      xxxx.xxxxxxxxx.xxxx:9999
> # The static key. Keep this file secret!
> # The key is 128 bits in hexadecimal notation.
> key       xxxxxxxxxxxxxxxxxxxxx
> 
> in both cipe.log files, i see the entries acknowledging that the devices
> have started when started using:
> /usr/sbin/ciped-cb -o /etc/cipe/options.cipcb0
> 
> However, when I start ciped-cb with the debug option (/usr/sbin/ciped-cb
> -o
> /etc/cipe/options.cipcb0 debug), I get this output on both
> 
> CIPE daemon vers 1.4.5 (c) Olaf Titz 1996-2000
> device=cipcb0
> debug=yes
> ipaddr=192.168.100.1
> ptpaddr=192.168.100.2
> mtu=0
> metric=0
> cttl=0
> me=xxxx.xxxx.xxxx.xxxx:9999
> peer=xxxx.xxxx.xxxx.xxxx:9999
> key=(secret)
> nokey=no
> socks=
> tokxc=0
> tokey=0
> ipup=(none)
> ipdown=(none)
> arg=(none)
> maxerr=-1
> tokxts=0
> ping=0
> toping=0
> dynip=no
> Using cipcb0 index 0
> 
> which looks like it is getting stuck, even though the device shows up when
> /sbin/ifconfig command is issued
> 
> ip forwarding is set on both hosts:
> 
> cat /proc/sys/net/ipv4/ip_forward 1
> 
> The problem is that I can't ping the tunnel at all, meaning from the first
> one I can't ping 192.168.100.2 and vice versa. Both the linuxes are RedHat
> 7.2, and both have cipe version cipe-1.4.5-6.
> 
> I hope someone can help me out, cause I really would like to get this
> stuff working.
> 
> Once again, thanks in advance, Swavek.
> 
> 
> 
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>





<< | Thread Index | >> ]    [ << | Date Index | >> ]