Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

IPIP tunnel

2 views

Skip to first unread message

Tomas Buday

unread,

Nov 10, 1998, 3:00:00 AM11/10/98

hi there,

i need som help setting up the IPIP tunnel. actually
i know how to set it up....but there's something i'm
missing i'm sure.

this is how my tunnel works betwwen two machines:

machine 1
---------

ifconfig tunl0 192.168.1.2 pointopoint 15.188.34.122
route add -net 192.168.1.0 tunl0

OK, now i can ping 192.168.1.1 (local IPIP interface)
..and i also send out encapsulated packets.

when pinging 192.168.1.1, tcpdump says:

13:33:56.801988 192.168.1.2 > 192.168.1.1: icmp: echo request (ipip)
13:33:57.801988 192.168.1.2 > 192.168.1.1: icmp: echo request (ipip)
13:33:58.801988 192.168.1.2 > 192.168.1.1: icmp: echo request (ipip)

similarly i set up the other side of tunnel and everything works
fine....i can get connected via the tunnel. works just fine!

BUT:

this has only been for testing....the real job needs to be done
on our server. so i set it up the very same way, but it doesn't work.
first i thought there was something wrong with the kernel so a
recompiled it....even tried the one from the testing machine...still
no success:(

next i disabled all firewalling rules...no success.

i can see encapsulated packets come to the server (using tcpdump)
but it refuses them...does not react at all.

then i tried to ping the the other side from the server....and using
tcpdump again i could NOT see any encapsulated packets!!! so the reason
why the server does not respond, i guess has to do with it not being
able to send out encapsulated packets.

why is that?

*) i have the same kernel on the machines
*) no fw rules
*) same network setup
*) have linux 2.0.35 (rh-5.1)
*) i don't use modules...everything in the vmlinuz
*) i can of course see tunl0 in /proc/net/dev

THANK YOU very much in advance for helping me solve my problem or
just for giving me a clue of what's going on here.

...i'm not subscribed to LKML, please send replies directly back to me.
THANK YOU!

tomas buday

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Richard Fish

unread,

Nov 10, 1998, 3:00:00 AM11/10/98

Tomas Buday wrote:
>
> THANK YOU very much in advance for helping me solve my problem or
> just for giving me a clue of what's going on here.

When I was playing with IP encapsulation, I found that I had to turn IP
forwarding on in order for it to work. I'm guessing you probably don't
have IP forwarding on for your firewall...

Anyway, I now use CIPE, which provides encrypted IP tunneling and (I
think) a simpler setup. I can even use NFS and X clients over CIPE! I
don't have the URL handy, but a web search for "cipe + linux" should
find it...

--
Richard Fish Enhanced Software Technologies, Inc.
Software Developer 4014 E Broadway Rd Suite 405
r...@estinc.com Phoenix, AZ 85040
(602) 470-1115 http://www.estinc.com

0 new messages