<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: Phil Scarratt <fil,AT,draxsen,DOT,com>
Subject: Re: Setting up CIPE on XP
From: James Knott <james.knott,AT,rogers,DOT,com>
Date: Tue, 12 Aug 2003 20:33:10 -0400
Cc: CIPE <cipe-l,AT,inka,DOT,de>
In-reply-to: <3F3984E1.9000308@draxsen.com>
References: <3F2E9BCA.9010402@rogers.com> <3F2F0B0F.8010309@draxsen.com> <3F317F12.2060102@rogers.com> <3F31B4EB.6080003@draxsen.com> <3F344E68.1030505@rogers.com> <3F34AFDE.4030009@draxsen.com> <3F384192.3080200@rogers.com> <3F38517F.9090007@draxsen.com> <3F395462.6090808@rogers.com> <3F3984E1.9000308@draxsen.com>

Phil Scarratt wrote:
It's gotta be something on the XP routing side. Windows routing is a little strange (but then again maybe it's only strange to those who are used to the enlightened Linux way of things).

There's plenty strange in the way Billy G. does things. ;-)



The 192.168.2.0 route is automatically added by windows because of the CIPE adapter TCP settings. In other words, windows assumes that if an adapter has an address w.x.y.z, then the network (regardless of whether there is any other machines connected or even a cable plugged in) connected to that adapter is w.x.y.0 (which is a reasonable assumption I guess). Also, from a TCP/IP point of view, the CIPE tunnel is a LAN in it's own right - hence 192.168.2.10 and 192.168.2.20 form a network.


Try connecting without the route add 192.168.2.10 192.168.2.20 command in the Startup Script. It should not be necessary. The automatic windows 192.168.2.0 route should be sufficient to get to 192.168.2.10 and in fact Windows may be getting confused (which it quite often does :) )

Removing that makes no difference. I had tried it before and again now.
I can ping 192.168.2.20, but not 192.168.2.10 and I don't see any traffic. I'll have to get Ethereal for Windows and see if it shows anything.


tnx


Fil


James Knott wrote:

My home lan is 192.168.1.0. The firewall cipe address is 192.168.2.10 and the notebook is 192.168.2.20. There is no remote lan. The notebook is assigned an address, when it connects to the ISP.

This combo works in Linux. I'm also curious about that 192.168.2.0 route, when there is no 192.168.2.0 lan. There's only the 2 vpn end points with a 192.168.2.x address.


Phil Scarratt wrote:


What is the LAN IP range for the network the firewall is on? Is it 192.168.2.0? If so, when I originally installed on Windows (2k - not sure if XP had the same problem) I HAD to choose ip addresses for the CIPE link that were not part of either ends LAN range. EG:
LAN-A: 192.168.1.0
CIPE_A-B: 192.168.2.0
LAN-B: 192.168.3.0
Choosing .1.0 or .2.0 for CIPE_A-B didn't work for some complicated reason which I cannot remember.


Fil
James Knott wrote:

Atfer getting nowhere fast, I reinstalled the CIPE drivers.

I've configured the VPN as follows.

Local IP address 0.0.0.0 Port 6969
Peer IP Address <real host name> Port 6969
Local PTP Address 192.168.2.20
Peer PTP Address 192.168.2.10
Status Enabled
Cipher NONE
Startup Script route add 192.168.2.10 192.168.2.20

route print shows

C:\Documents and Settings\jknott>route print
===========================================================================


Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 00 e2 8a 26 aa ...... Intel(R) PRO/100 VE Network Connection - Packe
Scheduler Miniport
0x3 ...00 20 e0 8a a6 ce ...... IBM High Rate Wireless LAN MiniPCI Combo Card
Packet Scheduler Miniport
0x4 ...08 00 58 00 00 01 ...... CIPE VPN Adapter - Packet Scheduler Miniport
0x20006 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================


===========================================================================

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.40 192.168.1.31 21
0.0.0.0 0.0.0.0 209.188.83.238 209.188.83.238 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.31 192.168.1.31 20
192.168.1.31 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.31 192.168.1.31 20
192.168.2.0 255.255.255.0 192.168.2.20 192.168.2.20 30
192.168.2.10 255.255.255.255 192.168.2.20 192.168.2.20 1
192.168.2.20 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.2.255 255.255.255.255 192.168.2.20 192.168.2.20 30
209.188.80.79 255.255.255.255 209.188.83.238 209.188.83.238 1
209.188.83.238 255.255.255.255 127.0.0.1 127.0.0.1 50
209.188.83.255 255.255.255.255 209.188.83.238 209.188.83.238 50
224.0.0.0 240.0.0.0 192.168.1.31 192.168.1.31 20
224.0.0.0 240.0.0.0 192.168.2.20 192.168.2.20 30
224.0.0.0 240.0.0.0 209.188.83.238 209.188.83.238 1
255.255.255.255 255.255.255.255 192.168.1.31 192.168.1.31 1
255.255.255.255 255.255.255.255 192.168.1.31 3 1
255.255.255.255 255.255.255.255 192.168.2.20 192.168.2.20 1
Default Gateway: 209.188.83.238
===========================================================================


Persistent Routes:
 None


After all this, I can ping the notebook end, but not the firewall end. Also, I don't see any indication of data going through the VPN.












<< | Thread Index | >> ]    [ << | Date Index | >> ]