cannot connect from linux cipe server to windows cipe client

Hi,

I am trying to connect Redhat Linux 9 cipe server to Windows 2003(
tried windows NT too) cipe client.

I can ping from Windows 2003(and also Windows NT) server (both of
which contain CIPE client installed) to CIPE server on Redhat Linux 9
server. But i cannot ping the Windows CIPE client from the Linux
machine..

This a short description of what i have done: -

On the Linux machine(67.xx.xx.159)=>

1)I edited the file /etc/sysconfig/iptables to allow incoming UDP
packets

-A INPUT -p udp -m udp -s 67.xx.xx.159 -d 67.xx.xxx.161 --sport 6790
--dport 6789 -j ACCEPT

where 67.xx.xxx.159 : Linux m/c
67.xx.xxx.161 : Windows m/c containing CIPE client

2) Edited a file : /etc/sysconfig/network-scripts/ifcfg-cipcb0

DEVICE=cipcb0
ONBOOT=yes
USERCTL=yes
MYPORT=6789
PEER=67.xx.xxx.161:6790
PTPADDR=192.168.0.2
IPADDR=192.168.0.1

3) I created a key in /etc/cipe/options.cipcb0 on both machines. It
reads:

key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

and did the following

# chmod 600 /etc/cipe/options.cipcb0

4) Started CIPE using

# /etc/sysconfig/network-scripts/ifup-cipcb ifcfg-cipcb0

I checked using ifconfig , cipcb0 is up and running..



Now on the windows 2003 machine(67.xx.xxx.161),

1)Created a network device using CIPE Windows NDIS driver and service,
version 2.0-pre15. (391k, zip).

the settings are as follows:

Local IP address : 192.168.0.2 Port:6790
Peer IP Address : 67.xx.xxx.159 Port:6789
Local PTP Address: 192.168.0.2
Peer PTP Address : 192.168.0.1

Key : XXXXXXXXXXXXXXXXXXXXXXXXX(same as on the linux machine)

Cipher: Blowfish

Time out : 600

I can ping Linux machine from windows
ping 192.168.0.1

But i cannot ping cipe client on windows from linux
ping 192.168.0.2

it shows 100% packet loss..


i couldn't find any solution to what i am doing wrong...
Any help will be greatly appreciated..

Thanks,
Ann

Ann wrote:

> Hi,
>
> I am trying to connect Redhat Linux 9 cipe server to Windows 2003(
> tried windows NT too) cipe client.
>
> I can ping from Windows 2003(and also Windows NT) server (both of
> which contain CIPE client installed) to CIPE server on Redhat Linux 9
> server. But i cannot ping the Windows CIPE client from the Linux
> machine..
>
> This a short description of what i have done: -
>
> On the Linux machine(67.xx.xx.159)=>
>
> 1)I edited the file /etc/sysconfig/iptables to allow incoming UDP
> packets
>
> -A INPUT -p udp -m udp -s 67.xx.xx.159 -d 67.xx.xxx.161 --sport 6790
> --dport 6789 -j ACCEPT
>
> where 67.xx.xxx.159 : Linux m/c
> 67.xx.xxx.161 : Windows m/c containing CIPE client
>
> 2) Edited a file : /etc/sysconfig/network-scripts/ifcfg-cipcb0
>
> DEVICE=cipcb0
> ONBOOT=yes
> USERCTL=yes
> MYPORT=6789
> PEER=67.xx.xxx.161:6790
> PTPADDR=192.168.0.2
> IPADDR=192.168.0.1
>
> 3) I created a key in /etc/cipe/options.cipcb0 on both machines. It
> reads:
>
> key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
> and did the following
>
> # chmod 600 /etc/cipe/options.cipcb0
>
> 4) Started CIPE using
>
> # /etc/sysconfig/network-scripts/ifup-cipcb ifcfg-cipcb0
>
> I checked using ifconfig , cipcb0 is up and running..
>
>
>
> Now on the windows 2003 machine(67.xx.xxx.161),
>
> 1)Created a network device using CIPE Windows NDIS driver and service,
> version 2.0-pre15. (391k, zip).
>
> the settings are as follows:
>
> Local IP address : 192.168.0.2 Port:6790
> Peer IP Address : 67.xx.xxx.159 Port:6789
> Local PTP Address: 192.168.0.2
> Peer PTP Address : 192.168.0.1
Does your Cipe tunnel have hte same IP as your nic? This cannot work. Pick a
different subnet + ip for the tunnel endpoints.

Regards, Alex


>
> Key : XXXXXXXXXXXXXXXXXXXXXXXXX(same as on the linux machine)
>
> Cipher: Blowfish
>
> Time out : 600
>
> I can ping Linux machine from windows
> ping 192.168.0.1
>
> But i cannot ping cipe client on windows from linux
> ping 192.168.0.2
>
> it shows 100% packet loss..
>
>
> i couldn't find any solution to what i am doing wrong...
> Any help will be greatly appreciated..
>
> Thanks,
> Ann

Hi Alex,

I was wrong about connecting from cipe client to the cipe server.. i
assigned both cipe server(192.168.1.23) and cipe client(192.168.1.22)
ip address in local network.All the machines in our local network has
192.168.1.x..
So actually it was not using the CIPE tunnel, but was connecting
straight to
CIPE network adapter on the Linux machine in our network..

I tried giving 10.0.0.2(Linux CIPE server) Mask: 255.255.255.0
10.0.0.3(Windows CIPE client) Mask 255.255.255.0

Can i leave the default gateway empty on windows Cipe client network
adapter? I know my questions must be absolutely idiotic..Please bear
with me..I am a complete novice at this..

I tried the above..

But was still not able to ping each other..

Please can any one help me ??

-Ann

Ann wrote:

> Hi Alex,
>
> I was wrong about connecting from cipe client to the cipe server.. i
> assigned both cipe server(192.168.1.23) and cipe client(192.168.1.22)
> ip address in local network.All the machines in our local network has
> 192.168.1.x..
> So actually it was not using the CIPE tunnel, but was connecting
> straight to
> CIPE network adapter on the Linux machine in our network..
>
> I tried giving 10.0.0.2(Linux CIPE server) Mask: 255.255.255.0
> 10.0.0.3(Windows CIPE client) Mask 255.255.255.0
>
> Can i leave the default gateway empty on windows Cipe client network
> adapter? I know my questions must be absolutely idiotic..Please bear
> with me..I am a complete novice at this..
>
> I tried the above..
>
> But was still not able to ping each other..
>
> Please can any one help me ??
>
> -Ann
Hi Ann,

I propably won't be able to help you any further with this one. I posted you
my cipe config file in the "ftp over cipe" mailing (besides the key of
course;-) ).
If I was you, turn of all the firewall stuff first. Then make sure that the
IPs and ports are assigned correctly. If you still experience any problems,
take a good look in the logs.
I think there is a possibility to increase the logging level.
Is there a physical connection at all (means, can you ping the 'real'
address of the machine when the firewall is turned off)?
Setting the default gateway has nothing to do with this. You can use the
default gateway on the Windows machine, when the windows machine is
connected to the linux box, and the linux box to the internet for example.
It will work with no default route, though.
The terms 'client' and 'server' don't make sense, talking about tunnels,
because you have one deamon on each side of the tunnel.

Good luck, Alex

Thanks once again Alex..

Ann