[K12OSN] easy VPN?

Les Mikesell les at futuresource.com
Sun Apr 25 23:44:37 UTC 2004


On Sun, 2004-04-25 at 16:54, Julius Szelagiewicz wrote:
> Stuck, that's what i am. gui setup for cipe is nice and easy, everything
> goes smooth, i set up one end as a server and the other as a client. key
> copied and pasted, everything is hunky-dory, netstat -r looks good on both
> ends, but ping to either virtual interface doesn't work from the remote -
> no vpn. rats! i have the uneasy feeling that i am missing something.
> tomorrow i'll try it on two servers on the same network segments, so that
> there will be no firewalls involved. if you can think of something
> outside of cipe gui that i need to do, please tell me. julius

You just have to get the UDP packets back and forth to the
endpoint addresses and then you should be able to ping the
remote cipe interface address.  You mentioned having NAT on
at least one side.  Did you static nat or port-forward so
the remote sees a known public address?  If not, you need to
set the remote peer address to 0.0.0.0 (or maybe check the
'auto' box in the GUI) on the side that doesn't know the
address to use and try to ping through the tunnel after
starting it from the side that does know the peer public
address. 'ifconfig cipcb0' will show you the interface
stats.  If you see TX packets on one side but no RX on
the other it is a firewall/nat/routing issue between them.
You can 'tcpdump udp port portnumber' to see the packets
going by.  Keep in mind that tcpdump will see packets even
if an iptables filter is blocking them from other applications.

---
  Les Mikesell
    les at futuresource.com
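
The TX/RX comparison described in the reply above, as an added example that is not part of the original message: it reads `ifconfig cipcb0` output saved from each end after starting the tunnel and trying a ping, and reports which direction is losing packets. The function names `pkt_count` and `diagnose` are hypothetical, and the sample captures are constructed.

```shell
#!/bin/sh
# Added example: reads saved `ifconfig cipcb0` output from both tunnel ends.

# Print the RX or TX packet counter from a capture file.
# Accepts "RX packets:12 ..." and "RX packets 12 ..." layouts.
pkt_count() {  # $1 = RX|TX, $2 = capture file
    awk -v dir="$1" '
        $1 == dir && $2 ~ /^packets/ {
            n = $2; sub(/^packets:?/, "", n)
            if (n == "") n = $3
            print n; exit
        }' "$2"
}

# Compare each side's TX with the other side's RX.
diagnose() {  # $1 = local capture, $2 = remote capture
    ltx=$(pkt_count TX "$1"); lrx=$(pkt_count RX "$1")
    rtx=$(pkt_count TX "$2"); rrx=$(pkt_count RX "$2")
    for v in "$ltx" "$lrx" "$rtx" "$rrx"; do
        case $v in ''|*[!0-9]*) echo "counters not parsed"; return 0 ;; esac
    done
    if [ "$ltx" -eq 0 ] && [ "$rtx" -eq 0 ]; then
        echo "nothing sent into the tunnel yet"
    elif [ "$ltx" -gt 0 ] && [ "$rrx" -eq 0 ]; then
        echo "local TX, no remote RX: firewall/nat/routing issue"
    elif [ "$rtx" -gt 0 ] && [ "$lrx" -eq 0 ]; then
        echo "remote TX, no local RX: firewall/nat/routing issue"
    else
        echo "packets arriving in both directions"
    fi
}

# Constructed sample captures (counter lines only), one per tunnel end.
tmp=$(mktemp -d)
printf '%s\n' \
    '          RX packets:0 errors:0 dropped:0 overruns:0 frame:0' \
    '          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0' > "$tmp/local"
printf '%s\n' \
    '          RX packets:0 errors:0 dropped:0 overruns:0 frame:0' \
    '          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0' > "$tmp/remote"

diagnose "$tmp/local" "$tmp/remote"
```

The counters are cumulative since the interface came up, so take both captures right after bringing the tunnel up and attempting the ping.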
