
Subject: RE: cannot ping the tunnel
From: "Swavek Hryniewicz" <swavek,AT,spmresorts,DOT,com>
Date: Wed, 12 Feb 2003 18:25:38 +0100
In-reply-to: <7DB0958915FDD611961400A0C98F18460BCE67@WINTRIX.thermeon.com>

1. Yes, I can ping the outside world if not going through the tunnel.

2. Should the keys be identical on both systems, I'm not sure (though I
don't think so), I got my keys using:
ps -auxw|md5sum
on both machines separately

3. Yes, the me/peer settings are mirror images.

4. There is no firewall on either one of those boxes:
/sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

What concerns me is that when I start the program /usr/sbin/ciped-cb -o
/etc/cipe/options.cipcb0 with the debug option, it seems to hang.

The second thing I was wondering about is whether anybody ever encountered
any problems with cipe if the hardware (nic cards) was not working properly.

Thanks again, Swavek.

-----Original Message-----
From: owner-cipe-l,AT,inka,DOT,de [mailto:owner-cipe-l,AT,inka,DOT,de] On Behalf Of SBNelson,AT,thermeon,DOT,com
Sent: Wednesday, February 12, 2003 9:36 AM
To: swavek,AT,spmresorts,DOT,com; cipe-l,AT,inka,DOT,de
Subject: RE: cannot ping the tunnel

Can you ping one system from the other, using the public IP addresses (that
is, over the internet, not over the VPN)?
Are the keys identical on both systems?
Are the me/peer settings on one system the mirror image of the settings on
the other system?
What is the output from iptables-save and ipchains-save?  (Sometimes YOU
didn't add firewall logic, but maybe it came that way).

> -----Original Message-----
> From: Swavek Hryniewicz [SMTP:swavek,AT,spmresorts,DOT,com]
> Sent: Tuesday, February 11, 2003 5:49 PM
> To:   cipe-l,AT,inka,DOT,de
> Subject:      cannot ping the tunnel
>
> Hello everyone,
>
> I can't seem to get cipe to work on my setup and I have been working on it
> for over a week now, so any help would be appreciated.
>
> Anyway I'm trying to set it up between two linux boxes that at the time
> being are not running any kind of firewall.
>
> Here is a setup for the first one: /etc/cipe/options
>
> # the peer's IP address
> ptpaddr         192.168.100.2
> # our CIPE device's IP address
> ipaddr          192.168.100.1
> # my UDP address. Note: if you set port 0 here, the system will pick
> # one and tell it to you via the ip-up script. Same holds for IP 0.0.0.0.
> me              xxxx.xxxx.xxx.xxxx:9999
> # ...and the UDP address we connect to. Of course no wildcards here.
> peer            xxxx.xxxx.xxxx.xxx:9999
> # The static key. Keep this file secret!
> # The key is 128 bits in hexadecimal notation.
> key             xxxxxxxxxxxxxxxxxxxxx
>
>
> Here is the setup for the second one: /etc/cipe/options
>
> # the peer's IP address
> ptpaddr   192.168.100.1
> # our CIPE device's IP address
> ipaddr    192.168.100.2
> # my UDP address. Note: if you set port 0 here, the system will pick
> # one and tell it to you via the ip-up script. Same holds for IP 0.0.0.0.
> me        xxxx.xxxxx.xxxx.xxxx:9999
> # ...and the UDP address we connect to. Of course no wildcards here.
> peer      xxxx.xxxxxxxxx.xxxx:9999
> # The static key. Keep this file secret!
> # The key is 128 bits in hexadecimal notation.
> key       xxxxxxxxxxxxxxxxxxxxx
>
> In both cipe.log files, I see the entries acknowledging that the devices
> have started when started using:
> /usr/sbin/ciped-cb -o /etc/cipe/options.cipcb0
>
> However, when I start ciped-cb with the debug option
> (/usr/sbin/ciped-cb -o /etc/cipe/options.cipcb0 debug), I get this output on both
>
> CIPE daemon vers 1.4.5 (c) Olaf Titz 1996-2000
> device=cipcb0
> debug=yes
> ipaddr=192.168.100.1
> ptpaddr=192.168.100.2
> mtu=0
> metric=0
> cttl=0
> me=xxxx.xxxx.xxxx.xxxx:9999
> peer=xxxx.xxxx.xxxx.xxxx:9999
> key=(secret)
> nokey=no
> socks=
> tokxc=0
> tokey=0
> ipup=(none)
> ipdown=(none)
> arg=(none)
> maxerr=-1
> tokxts=0
> ping=0
> toping=0
> dynip=no
> Using cipcb0 index 0
>
> which looks like it is getting stuck, even though the device shows up when
> /sbin/ifconfig command is issued
>
> ip forwarding is set on both hosts:
>
> cat /proc/sys/net/ipv4/ip_forward
> 1
>
> The problem is that I can't ping the tunnel at all, meaning from the first
> one I can't ping 192.168.100.2 and vice versa. Both the linuxes are RedHat
> 7.2, and both have cipe version cipe-1.4.5-6.
>
> I hope someone can help me out, cause I really would like to get this
> stuff working.
>
> Once again, thanks in advance, Swavek.
>
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
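
Added example, not part of the original messages or of CIPE itself: a small checker for the points the quoted reply asks about, namely that the two options files mirror each other (`ipaddr`/`ptpaddr`, `me`/`peer`) and carry the same static key. CIPE's static key is a shared secret, so both ends need the same 128-bit value. The function names and the sample addresses and keys are constructed for illustration.

```python
import re

# Constructed samples in the layout of the options files quoted above;
# the addresses (documentation ranges) and keys are made up.
HOST_A = """\
# the peer's IP address
ptpaddr         192.168.100.2
ipaddr          192.168.100.1
me              192.0.2.10:9999
peer            198.51.100.20:9999
key             0123456789abcdef0123456789abcdef
"""
HOST_B = """\
ptpaddr   192.168.100.1
ipaddr    192.168.100.2
me        198.51.100.20:9999
peer      192.0.2.10:9999
key       fedcba9876543210fedcba9876543210
"""

def parse_options(text):
    """Return {option: value} from 'name value' lines, ignoring comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def check_pair(a_text, b_text):
    """Return a list of findings; an empty list means the pair is consistent."""
    a, b = parse_options(a_text), parse_options(b_text)
    findings = []
    for mine, theirs in (("ipaddr", "ptpaddr"), ("me", "peer")):
        for label, x, y in (("A", a, b), ("B", b, a)):
            value = x.get(mine, "")
            # A wildcard 'me' (IP 0.0.0.0 or port 0) is chosen at run time.
            if mine == "me" and (value.startswith("0.0.0.0:") or value.endswith(":0")):
                continue
            if not value or value != y.get(theirs):
                findings.append(f"{label}.{mine} does not match other side's {theirs}")
    for label, opts in (("A", a), ("B", b)):
        if not re.fullmatch(r"[0-9a-fA-F]{32}", opts.get("key", "")):
            findings.append(f"{label}.key is not 32 hex digits (128 bits)")
    # Compare keys without ever printing them.
    if a.get("key", "").lower() != b.get("key", "").lower():
        findings.append("key differs between A and B")
    return findings

if __name__ == "__main__":
    for finding in check_pair(HOST_A, HOST_B):
        print("MISMATCH:", finding)
```

To use it on real hosts, read each machine's options file into a string and pass the two strings to `check_pair`; the findings never include the key material.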
