Hi Phil, getting close
On Tuesday 20 March 2001 10:10, Phil Brutsche wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> A long time ago, in a galaxy far, far way, someone said...
>
> > How do I set the follwing up for my network????
> >
> > Office A
> > outside ip: 62.xxx.xxx.2
> > isp gateway: 62.xxx.xxx.1
> > lan interface: 192.168.1.1
> > inside ip's: 192.168.1.0/24
> >
> >
> > Office B
> > outside ip: 64.xxx.xxx.129
> > isp gateway 64.xxx.xxx.128
> > lan interface: 192.168.0.1
> > inside ip's: 192.168.0.0/24
> >
> > This is an example, but help me plug my own numbers in:
> >
> > Next, you start the CIPE-daemon on each machine:
> >
> > root@A# ciped-cb me=10.0.0.1:6789 peer=10.0.0.2:6543 ipaddr=10.0.1.1
> > ptpaddr=10.0.1.2
> > root@B# ciped-cb peer=10.0.0.1:6789 me=10.0.0.2:6543 ptpaddr=10.0.1.1
> > ipaddr=10.0.1.2
>
> The values for "me" and "peer" need to be the *public* ip numbers. The
> command lines should look like this:
>
> for host A:
>
> ciped-cb me=62.xxx.xxx.2:6789 peer=64.xxx.xxx.129:6543 ipaddr=10.0.1.1
> ptpaddr=10.0.1.2
>
> for host b:
>
> ciped-cb me=64.xxx.xxx.129:6543 peer=62.xxx.xxx.2:6789 ipaddr=10.0.1.2
> ptpaddr=10.0.1.1
>
> And don't forget to specify your encryption keys.
>
> - --
> - ----------------------------------------------------------------------
> Phil Brutsche pbrutsch@tux.creighton.edu
>
> GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
> GPG key id: 50DE1CFC
> GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE6t5z//ZTSZFDeHPwRAjyLAJwJT66XwkxR0hAdC610ICCo8MZebQCZAZRW
> BPKF3HSAwlYL9VdyQOTNoew=
> =GQ1I
> -----END PGP SIGNATURE-----
|| Network A
eth0=62.xxx.xxx.2
eth1=192.168.1.1
dhcp=192.168.1.0/24 from 192.168.1.100 to 192.168.1.200
servers in network are static...
||
so for host a I entered:
ciped-cb me=62.xxx.xxx.2:6789 peer=64.xxx.xxx.129:6543 ipaddr=192.168.1.1
ptpaddr=192.168.0.1
|| Netwirk B
eth0=64.xxx.xxx.129
eth1=192.168.0.1
dhcp=192.168.0.1/24 from 192.168.0.100 to 192.168.0.120
servers in network static...
||
for host b:
ciped-cb me=64.xxx.xxx.129:6543 peer=62.xxx.xxx.2:6789 ipaddr=192.168.0.1
ptpaddr=192.168.1.1
after each command line is enetered in each machine......cipcb0 appears in
ifconfig on one machine. The other one panics and drops the network or
route. Have to reboot it.
anyways, I am sure I will find a way around it, just wanna make sure I have
everything correct.
Does this look ok, the address should be reversed on the other side right???
cipcb0 Link encap:IPIP Tunnel HWaddr
inet addr:192.168.1.1 P-t-P:192.168.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1442 Metric:1
I thought I had everything configured, but could never ping to the otherside
set up routing tables as follows:
host A:
Destination Gateway Genmask Flags Metric Ref Use Iface
255.255.255.255 * 255.255.255.255 UH 0 0 0 eth1
192.168.0.1 * 255.255.255.255 UH 0 0 0 cipcb0
64.xxx.xxx.129 * 255.255.255.255 UH 0 0 0 eth0
localnet * 255.255.255.248 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
192.168.0.0 192.168.0.1 255.255.255.0 UG 0 0 0 cipcb0
default adsl-63-xxx-xxx- 0.0.0.0 UG 0 0 0 eth0
host B:
Destination Gateway Genmask Flags Metric Ref Use Iface
255.255.255.255 * 255.255.255.255 UH 0 0 0 eth1
192.168.1.1 * 255.255.255.255 UH 0 0 0 cipcb0
63.xxx.xxx.2 * 255.255.255.255 UH 0 0 0 eth0
localnet * 255.255.255.248 U 0 0 0 eth0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
192.168.1.0 192.168.1.1 255.255.255.0 UG 0 0 0 cipcb0
default adsl-64-xxx-xxx- 0.0.0.0 UG 0 0 0 eth0
I also have very basic ipchains on both sides, just to get the damn thing
started. Network is the reversed respectivily.
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.1.0/24 anywhere n/a
Chain output (policy ACCEPT):
> And don't forget to specify your encryption keys.
I noticed that /etc/cipe doesn't exist. I created it, and placed a file
called options with a duplicate key on both machines. BEFORE I ran the
cipe-cb commands
Is that right. I am really sorry to bother u, I am new to cipe but not to
debian, I am sure my kernel and modules are running fine, just need a good
KICK in the right direction. I can feel that i am close.
Any reason why one machine would freeze, and do i have everything kinda
close, or should I give up?
Thanks Nick
Reply to: