
Hi Phil, getting close



On Tuesday 20 March 2001 10:10, Phil Brutsche wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> A long time ago, in a galaxy far, far away, someone said...
>
> > How do I set the following up for my network????
> >
> > Office A
> > outside ip: 62.xxx.xxx.2
> > isp gateway: 62.xxx.xxx.1
> > lan interface: 192.168.1.1
> > inside ip's: 192.168.1.0/24
> >
> >
> > Office B
> > outside ip: 64.xxx.xxx.129
> > isp gateway 64.xxx.xxx.128
> > lan interface: 192.168.0.1
> > inside ip's: 192.168.0.0/24
> >
> > This is an example, but help me plug my own numbers in:
> >
> > Next, you start the CIPE-daemon on each machine:
> >
> > root@A# ciped-cb me=10.0.0.1:6789 peer=10.0.0.2:6543 ipaddr=10.0.1.1
> > ptpaddr=10.0.1.2
> > root@B# ciped-cb peer=10.0.0.1:6789 me=10.0.0.2:6543 ptpaddr=10.0.1.1
> > ipaddr=10.0.1.2
>
> The values for "me" and "peer" need to be the *public* ip numbers.  The
> command lines should look like this:
>
> for host A:
>
> ciped-cb me=62.xxx.xxx.2:6789 peer=64.xxx.xxx.129:6543 ipaddr=10.0.1.1
> ptpaddr=10.0.1.2
>
> for host b:
>
> ciped-cb me=64.xxx.xxx.129:6543 peer=62.xxx.xxx.2:6789 ipaddr=10.0.1.2
> ptpaddr=10.0.1.1
>
> And don't forget to specify your encryption keys.
>
> - --
> - ----------------------------------------------------------------------
> Phil Brutsche				    pbrutsch@tux.creighton.edu
>
> GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
> GPG key id: 50DE1CFC
> GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE6t5z//ZTSZFDeHPwRAjyLAJwJT66XwkxR0hAdC610ICCo8MZebQCZAZRW
> BPKF3HSAwlYL9VdyQOTNoew=
> =GQ1I
> -----END PGP SIGNATURE-----

|| Network A
eth0=62.xxx.xxx.2
eth1=192.168.1.1
dhcp=192.168.1.0/24 from 192.168.1.100 to 192.168.1.200
servers in network are static...
||
so for host a I entered:
ciped-cb me=62.xxx.xxx.2:6789 peer=64.xxx.xxx.129:6543 ipaddr=192.168.1.1
ptpaddr=192.168.0.1

|| Network B
eth0=64.xxx.xxx.129
eth1=192.168.0.1
dhcp=192.168.0.1/24 from 192.168.0.100 to 192.168.0.120
servers in network static...
||

for host b:
ciped-cb me=64.xxx.xxx.129:6543 peer=62.xxx.xxx.2:6789 ipaddr=192.168.0.1
ptpaddr=192.168.1.1


after each command line is entered in each machine......cipcb0 appears in 
ifconfig on one machine.  The other one panics and drops the network or 
route.  Have to reboot it.

anyways, I am sure I will find a way around it, just wanna make sure I have 
everything correct.

Does this look ok, the address should be reversed on the other side right???

cipcb0    Link encap:IPIP Tunnel  HWaddr
          inet addr:192.168.1.1  P-t-P:192.168.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1442  Metric:1

I thought I had everything configured, but could never ping to the other side

set up routing tables as follows:

host A:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
255.255.255.255 *               255.255.255.255 UH    0      0        0 eth1
192.168.0.1     *               255.255.255.255 UH    0      0        0 cipcb0
64.xxx.xxx.129   *               255.255.255.255 UH    0      0        0 eth0
localnet        *               255.255.255.248 U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     192.168.0.1     255.255.255.0   UG    0      0        0 cipcb0
default         adsl-63-xxx-xxx- 0.0.0.0         UG    0      0        0 eth0

host B:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
255.255.255.255 *               255.255.255.255 UH    0      0        0 eth1
192.168.1.1     *               255.255.255.255 UH    0      0        0 cipcb0
63.xxx.xxx.2   *               255.255.255.255 UH    0      0        0 eth0
localnet        *               255.255.255.248 U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     192.168.1.1     255.255.255.0   UG    0      0        0 cipcb0
default         adsl-64-xxx-xxx- 0.0.0.0         UG    0      0        0 eth0

I also have very basic ipchains on both sides, just to get the damn thing 
started.  Network is the reversed respectively.

Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24       anywhere              n/a
Chain output (policy ACCEPT):        

> And don't forget to specify your encryption keys.

I noticed that /etc/cipe doesn't exist.  I created it, and placed a file 
called options with a duplicate key on both machines.  BEFORE I ran the 
cipe-cb commands

Is that right?  I am really sorry to bother u, I am new to cipe but not to 
debian, I am sure my kernel and modules are running fine, just need a good 
KICK in the right direction.  I can feel that I am close.

Any reason why one machine would freeze, and do I have everything kinda 
close, or should I give up?

Thanks  Nick
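
Added example, not part of the original thread: a small Python check of the two rules discussed above for a pair of `ciped-cb` command lines, namely that `me`/`peer` are public addresses and that both address pairs are reversed on the other side. The function names are hypothetical, and the `203.0.113.2` / `198.51.100.129` addresses are constructed stand-ins for the masked public IPs.

```python
import ipaddress

# RFC 1918 ranges; "me" and "peer" must fall outside them (public addresses).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(cmdline):
    """Turn 'ciped-cb key=value ...' into a dict of option -> value."""
    return dict(t.split("=", 1) for t in cmdline.split()[1:] if "=" in t)

def is_private(endpoint):
    """True if the ip part of an 'ip:port' endpoint is an RFC 1918 address."""
    ip = ipaddress.ip_address(endpoint.rsplit(":", 1)[0])
    return any(ip in net for net in RFC1918)

def check_pair(cmd_a, cmd_b):
    """Return a list of problems found in the two hosts' command lines."""
    a, b = parse(cmd_a), parse(cmd_b)
    problems = []
    for host, opts in (("A", a), ("B", b)):
        missing = [k for k in ("me", "peer", "ipaddr", "ptpaddr") if k not in opts]
        if missing:
            return [f"host {host}: missing {', '.join(missing)}"]
        for k in ("me", "peer"):
            if is_private(opts[k]):
                problems.append(f"host {host}: {k}={opts[k]} is a private address")
    # Each side's local values must be the other side's remote values.
    if (a["me"], a["peer"]) != (b["peer"], b["me"]):
        problems.append("me/peer are not mirrored between A and B")
    if (a["ipaddr"], a["ptpaddr"]) != (b["ptpaddr"], b["ipaddr"]):
        problems.append("ipaddr/ptpaddr are not mirrored between A and B")
    return problems

# Command lines from the original question (private me/peer).
QUESTION_A = "ciped-cb me=10.0.0.1:6789 peer=10.0.0.2:6543 ipaddr=10.0.1.1 ptpaddr=10.0.1.2"
QUESTION_B = "ciped-cb peer=10.0.0.1:6789 me=10.0.0.2:6543 ptpaddr=10.0.1.1 ipaddr=10.0.1.2"
# Constructed: documentation addresses stand in for the masked public IPs.
FIXED_A = "ciped-cb me=203.0.113.2:6789 peer=198.51.100.129:6543 ipaddr=10.0.1.1 ptpaddr=10.0.1.2"
FIXED_B = "ciped-cb me=198.51.100.129:6543 peer=203.0.113.2:6789 ipaddr=10.0.1.2 ptpaddr=10.0.1.1"

if __name__ == "__main__":
    for label, pair in (("question", (QUESTION_A, QUESTION_B)),
                        ("fixed", (FIXED_A, FIXED_B))):
        print(label, check_pair(*pair) or "OK")
```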


