cipe

Hello,

anybody here with cipe experience? I?ve got some questions in configuring it
connecting through a dsl modem to an external server.

Regards.
--

Dirk Jakobsmeier wrote:
> Hello,
>
> anybody here with cipe experience? I?ve got some questions in configuring it
> connecting through a dsl modem to an external server.


I have set up a couple of CIPE tunnels.

The CIPE people recommend OpenVPN for new installations.
It uses less custom modules and for simple tunnels it's
easy to set up.

Most of my old CIPE tunnels are now running OpenVPN.

---

What's your problem?

--

Tauno Voipio
tauno voipio (at) iki fi

Tauno Voipio wrote:

> Dirk Jakobsmeier wrote:
>> Hello,
>>
>> anybody here with cipe experience? I?ve got some questions in configuring
>> it connecting through a dsl modem to an external server.
>
>
> I have set up a couple of CIPE tunnels.
>
> The CIPE people recommend OpenVPN for new installations.
> It uses less custom modules and for simple tunnels it's
> easy to set up.

Hello Tauno,

my problem is that i don?t know how to route the udp connection correctly.

On my gateway there is not running a pppoed because connection to the
internet is done by the dsl modem. To set up the tunnel i have to start
cipe with ip ip adress me and peer. So i set up an virtual device (eth0:0)
using me real external adress. If i now try to start cipe everythink works
ok. Interface cipcb0 is up and cipe is running with its options. But i ca
?t connect to the server (looking in logfile at the remote server). Using
tcpdump i recognized that the udp packets are sent through my internet
interface but not through cipcb0. Is this correct or is there an error in
routing?

routing:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
peeradress 0.0.0.0 255.255.255.255 UH 0 0 0 cipcb0
dmz 0.0.0.0 255.255.255.0 U 0 0 0 eth0
remnet peeradress 255.255.255.0 UG 0 0 0 cipcb0
intnet 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 dslintern 0.0.0.0 UG 0 0 0 eth0

dmz is network between dsl modem and gateway to internal network
remnet is network behind peer gateway
intnet is network behind me gateway
dslintern is ip adress from dsl modem to dmz

I fear that

Regards
--

Dirk Jakobsmeier wrote:
> Tauno Voipio wrote:
>
>
>>Dirk Jakobsmeier wrote:
>>
>>>Hello,
>>>
>>>anybody here with cipe experience? I?ve got some questions in configuring
>>>it connecting through a dsl modem to an external server.
>>
>>
>>I have set up a couple of CIPE tunnels.
>>
>>The CIPE people recommend OpenVPN for new installations.
>>It uses less custom modules and for simple tunnels it's
>>easy to set up.
>
>
> Hello Tauno,
>
> my problem is that i don?t know how to route the udp connection correctly.
>
> On my gateway there is not running a pppoed because connection to the
> internet is done by the dsl modem. To set up the tunnel i have to start
> cipe with ip ip adress me and peer. So i set up an virtual device (eth0:0)
> using me real external adress. If i now try to start cipe everythink works
> ok. Interface cipcb0 is up and cipe is running with its options. But i ca
> ?t connect to the server (looking in logfile at the remote server). Using
> tcpdump i recognized that the udp packets are sent through my internet
> interface but not through cipcb0. Is this correct or is there an error in
> routing?
>
> routing:
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> peeradress 0.0.0.0 255.255.255.255 UH 0 0 0 cipcb0
> dmz 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> remnet peeradress 255.255.255.0 UG 0 0 0 cipcb0
> intnet 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 dslintern 0.0.0.0 UG 0 0 0 eth0
>
> dmz is network between dsl modem and gateway to internal network
> remnet is network behind peer gateway
> intnet is network behind me gateway
> dslintern is ip adress from dsl modem to dmz
>

Please have a look at tunneling addressing overview
I wrote to Mr Eisig, and after reading that, let's
check which address is which.

The UDP address will be the tunnel outside address.

What host / network would you transfer via the tunnel?

--

Tauno Voipio
tauno voipio (at) iki fi

Tauno Voipio wrote:

> Dirk Jakobsmeier wrote:
>> Tauno Voipio wrote:
>>
>>
>>>Dirk Jakobsmeier wrote:
>>>
>>>>Hello,
>>>>
>>>>anybody here with cipe experience? I?ve got some questions in
>>>>configuring it connecting through a dsl modem to an external server.
>>>
>>>
>>>I have set up a couple of CIPE tunnels.
>>>
>>>The CIPE people recommend OpenVPN for new installations.
>>>It uses less custom modules and for simple tunnels it's
>>>easy to set up.
>>
>>
>> Hello Tauno,
>>
>> my problem is that i don?t know how to route the udp connection
>> correctly.
>>
>> On my gateway there is not running a pppoed because connection to the
>> internet is done by the dsl modem. To set up the tunnel i have to start
>> cipe with ip ip adress me and peer. So i set up an virtual device
>> (eth0:0) using me real external adress. If i now try to start cipe
>> everythink works ok. Interface cipcb0 is up and cipe is running with its
>> options. But i ca ?t connect to the server (looking in logfile at the
>> remote server). Using tcpdump i recognized that the udp packets are sent
>> through my internet interface but not through cipcb0. Is this correct or
>> is there an error in routing?
>>
>> routing:
>>
>> Kernel IP routing table
>> Destination Gateway Genmask Flags Metric Ref Use Iface
>> peeradress 0.0.0.0 255.255.255.255 UH 0 0 0 cipcb0
>> dmz 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>> remnet peeradress 255.255.255.0 UG 0 0 0 cipcb0
>> intnet 0.0.0.0 255.255.255.0 U 0 0 0 eth1
>> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
>> 0.0.0.0 dslintern 0.0.0.0 UG 0 0 0 eth0
>>
>> dmz is network between dsl modem and gateway to internal network
>> remnet is network behind peer gateway
>> intnet is network behind me gateway
>> dslintern is ip adress from dsl modem to dmz
>>
>
> Please have a look at tunneling addressing overview
> I wrote to Mr Eisig, and after reading that, let's
> check which address is which.
>
> The UDP address will be the tunnel outside address.
>
> What host / network would you transfer via the tunnel?
>
Hello Tauno,

i really never had a better tip. Reading your posts to Mr. Eisig i
recognized the routing entry done on the router to internet:

route add -net 10.18.0.0/29 gw 192.168.178.88

I then "recompiled" my knowledge an realized that the router (dsl modem)
does not know how to reach my private network (10.10.111.0). So i added a
route on my dsl router and really it did.

So i did not know that the dsl router had to know something about the vpn.

Many thanks for your help.

Regards, Dirk.

--

Dirk Jakobsmeier wrote:
>
> Hello Tauno,
>
> i really never had a better tip. Reading your posts to Mr. Eisig i
> recognized the routing entry done on the router to internet:
>
> route add -net 10.18.0.0/29 gw 192.168.178.88
>
> I then "recompiled" my knowledge an realized that the router (dsl modem)
> does not know how to reach my private network (10.10.111.0). So i added a
> route on my dsl router and really it did.
>
> So i did not know that the dsl router had to know something about the vpn.
>
> Many thanks for your help.
>
> Regards, Dirk.
>

Thanks - positive feedback keeps the response engine running!

--

Tauno Voipio
tauno voipio (at) iki fi