
Re: Hi Phil, getting close




A long time ago, in a galaxy far, far away, someone said...

> || Network A
> eth0=62.xxx.xxx.2
> eth1=192.168.1.1
> dhcp=192.168.1.0/24 from 192.168.1.100 to 192.168.1.200
> servers in network are static...
> ||
> so for host a I entered:
> ciped-cb me=62.xxx.xxx.2:6789 peer=64.xxx.xxx.129:6543 ipaddr=192.168.1.1
> ptpaddr=192.168.0.1

You can't have the IP of one end of the VPN be the same as the IP of one
of the ethernet adapters.

> || Network B
> eth0=64.xxx.xxx.129
> eth1=192.168.0.1
> dhcp=192.168.0.1/24 from 192.168.0.100 to 192.168.0.120
> servers in network static...
> ||
>
> for host b:
> ciped-cb me=64.xxx.xxx.129:6543 peer=62.xxx.xxx.2:6789 ipaddr=192.168.0.1
> ptpaddr=192.168.1.1

Ditto.

> after each command line is entered in each machine......cipcb0 appears in
> ifconfig on one machine.  The other one panics and drops the network or
> route.  Have to reboot it.

It shouldn't crash like that (it should give you an error instead) but
*why* it crashed is understandable.

> Chain input (policy ACCEPT):
> Chain forward (policy DENY):
> target     prot opt     source                destination           ports
> MASQ       all  ------  192.168.1.0/24       anywhere              n/a
> Chain output (policy ACCEPT):
>
> > And don't forget to specify your encryption keys.
>
> I noticed that /etc/cipe doesn't exist.  I created it, and placed a file
> called options with a duplicate key on both machines.  BEFORE I ran the
> cipe-cb commands

You have 2 problems

1) The IP numbers you chose for the VPN are the same as the IP numbers of
the ethernet interfaces.  That's not good.

Since you use 192.168.1.1 as the internal interface of one firewall, and
192.168.0.1 as the internal interface of the other firewall, you can not
use those IP numbers for the VPN.

For my vpn, the LANs have the IP number ranges 192.168.0/24, 192.168.1/24,
and so on.

The VPN endpoints have IP numbers in the 192.168.254/24 range.

One end looks like this:

eth0: Internet connection - 24.22.x.y
eth1: Internal connection - 192.168.0.1
cipcb0: VPN endpoint - 192.168.254.1
route added to get to 192.168.1/24 using 192.168.254.2 as a gateway

The other looks like this:

eth0: Internet connection - 147.134.x.y
eth0: Internal connection - 192.168.1.1
cipcb0: VPN endpoint - 192.168.254.2
route added to get to 192.168.0/24 using 192.168.254.1 as a gateway

2) Your ipchains rules aren't quite right - you're blocking packets that
you're trying to forward over the VPN.

On both firewalls you need to add

ipchains -A FORWARD -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT

for the packets to get through to each vpn.

> Is that right.  I am really sorry to bother u, I am new to cipe but not to
> debian, I am sure my kernel and modules are running fine, just need a good
> KICK in the right direction.  I can feel that i am close.
>
> Any reason why one machine would freeze, and do i have everything kinda
> close, or should I give up?

It's very close.

-- 
----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
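A small checker for the two problems Phil points out (VPN endpoint addresses that collide with an ethernet interface, and a FORWARD chain with policy DENY and no ACCEPT rule for the LAN-to-LAN traffic), added here as an example and not part of the original thread. The dictionary layout and the public addresses (RFC 5737 documentation ranges standing in for the poster's 62.xxx/64.xxx ones) are constructed assumptions.

```python
import ipaddress

# Constructed inputs modelled on the thread. Public addresses are documentation
# placeholders, not the poster's real ones. "Broken" is what the poster typed;
# "fixed" follows Phil's layout (endpoints in 192.168.254/24 plus the FORWARD rule).
HOST_A_BROKEN = {"ifaces": ["192.0.2.2", "192.168.1.1"], "lan": "192.168.1.0/24",
                 "ipaddr": "192.168.1.1", "ptpaddr": "192.168.0.1"}
HOST_B_BROKEN = {"ifaces": ["198.51.100.129", "192.168.0.1"], "lan": "192.168.0.0/24",
                 "ipaddr": "192.168.0.1", "ptpaddr": "192.168.1.1"}
HOST_A_FIXED = dict(HOST_A_BROKEN, ipaddr="192.168.254.1", ptpaddr="192.168.254.2")
HOST_B_FIXED = dict(HOST_B_BROKEN, ipaddr="192.168.254.2", ptpaddr="192.168.254.1")
FORWARD_FIXED = [("192.168.0.0/16", "192.168.0.0/16")]  # ipchains -A FORWARD ... -j ACCEPT


def check_cipe_pair(host_a, host_b, forward_rules):
    """Return a list of problems with a pair of ciped-cb endpoints (empty = consistent).

    host_*: ifaces = addresses already bound to ethernet interfaces,
            ipaddr/ptpaddr = the ciped-cb arguments, lan = the LAN behind that firewall.
    forward_rules: (src, dst) pairs of FORWARD ACCEPT rules present on both
                   firewalls; the chain policy is assumed to be DENY, as on the page.
    """
    problems = []
    # Problem 1: the tunnel endpoint must not reuse an interface address.
    for name, host in (("A", host_a), ("B", host_b)):
        if host["ipaddr"] in host["ifaces"]:
            problems.append(f"host {name}: VPN ipaddr {host['ipaddr']} "
                            "is already an ethernet interface address")
    # Each side's ptpaddr has to be the other side's ipaddr, or routing via the tunnel fails.
    for name, this, other in (("A", host_a, host_b), ("B", host_b, host_a)):
        if this["ptpaddr"] != other["ipaddr"]:
            problems.append(f"host {name}: ptpaddr {this['ptpaddr']} "
                            f"is not the peer's ipaddr {other['ipaddr']}")
    # Problem 2: with policy DENY, LAN-to-LAN traffic needs an ACCEPT rule in both directions.
    accept = [(ipaddress.ip_network(s), ipaddress.ip_network(d)) for s, d in forward_rules]
    for src, dst in ((host_a["lan"], host_b["lan"]), (host_b["lan"], host_a["lan"])):
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not any(s.subnet_of(rs) and d.subnet_of(rd) for rs, rd in accept):
            problems.append(f"no FORWARD ACCEPT rule covers {src} -> {dst}; "
                            "policy DENY will drop the tunnelled LAN traffic")
    return problems


if __name__ == "__main__":
    for label, a, b, rules in (("as posted", HOST_A_BROKEN, HOST_B_BROKEN, []),
                               ("Phil's layout", HOST_A_FIXED, HOST_B_FIXED, FORWARD_FIXED)):
        print(label + ":", check_cipe_pair(a, b, rules) or "no problems found")
```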