<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Linux - Win2K VPN
From: "Damion K. Wilson" <dwilson,AT,ibl,DOT,bm>
Date: Mon, 17 Mar 2003 20:23:43 +0100
In-reply-to: <3E75BA2E.30701@draxsen.com>

Ok,

1.      You've changed the CIPE adapter's IP address to be on a different 
subnet
        than the Ethernet. Good. Presumably, the peer's cipe adapter should 
also be
        192.168.0.1 or something like that.

2.      The Local IP Address for the CIPE peer is wrong. it MUST either match 
the
        IP address of an existing network adapter (not CIPE's !) or 0.0.0.0. 
This is
        probably your problem here. You appear to have interpreted this to 
mean
        the IP address of some other computer or gateway, which it is not: 
The word
        Local means "local".

3.      The Peer IP address MUST be the IP address of the peer's LAN or WAN 
adapter
        to be used to receive the UDP tunnel packets. This should be an 
address that
        you can actually 'ping' (assuming no firewall blocks them). It looks 
like
        this is already the case.

4.      The Local Port is what CIPE uses to receive, or 'listen' for, tunnel
        packets. The Peer should have this as its Peer Port. Similarly, the
        Peer Port on this machine denotes where the tunnel packets will go,
        so the Peer itself should have this as its Local IP Port.

Hope this helps

DKW

On Monday 17 March 2003 10:21 am, you wrote:
> IPCOnfig Output:
>
> Ethernet adapter CIPE:
>
>          Connection-specific DNS Suffix  . :
>          IP Address. . . . . . . . . . . . : 192.168.0.2
>          Subnet Mask . . . . . . . . . . . : 255.255.255.0
>          Default Gateway . . . . . . . . . :
>
> Ethernet adapter Local Area Connection:
>
>          Connection-specific DNS Suffix  . :
>          IP Address. . . . . . . . . . . . : 192.168.1.201
>          Subnet Mask . . . . . . . . . . . : 255.255.255.0
>          Default Gateway . . . . . . . . . : 192.168.1.254
>
>
> Control Panel:
>
> Local IP Address: 222.222.222.222 PORT: 10001
> (The IP addres put here is the IP address of the internet connection on
> the gateway machine on the Win2k client's local net)
> Peer IP Address: 111.111.111.111 PORT: 10000
> (This IP address is the internet connection's IP address on the remote
> peer - Linux machine)
> Local PTP Address: 192.168.0.2
> Peer PTP Address: 192.168.0.1
> Status: Enabled? is ticked
> Key Settings:
> Static Key: 66332547659682279845607406745812
> Cipher: Blowfish
> Timeout (seconds): 600
>
> NMap output:
>
> root,AT,192,DOT,168,DOT,1,DOT,200 root]# nmap -p 10000-10001 192.168.1.201
>
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
> All 2 scanned ports on rivendell (192.168.1.201) are: closed
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>
>
> The above output is the same regardless of whether the cipsrvr exe is
> actually running or not (keeping in mind I can only keep it running with
> the peer disabled in control panel).
>
> I could be barking up way the wrong tree but?????
>
> thanks for all your time and help, it really is much appreciated.
> Fil
>
> Damion K. Wilson wrote:
> > What do you mean by "open a port" ?
> >
> > Can you send me your config info again ?
> >
> > DKW
> >
> > On Monday 17 March 2003 08:06 am, Phil Scarratt wrote:
> >>Hi
> >>
> >>Continuing on the saga with the CIPE not working ont he Win2K client. To
> >>recap - the problem is that the cipsrvr does not stay running with the
> >>peer enabled and nor does any data even touch the CIPE interface (to be
> >>expected as cipsrvr is not running). Anyway, the last thing I did was
> >>scan the ports (nmap from linux machine) and port 10001 (the port CIPE
> >>is configured for) is closed (even with cipsrvr running - ie peer
> >>disabled). I have no firewall or anything (to my knowledge) on the Win2K
> >>  machine. Which all leads to:
> >>
> >>Any ideas on how to open a port on Win2K? Googled to no avail.
> >>
> >>Fil





<< | Thread Index | >> ]    [ << | Date Index | >> ]