'Re: CIPE-win32 v2.0-pre2 -> CIPE 1.4.3 = frame errors'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cipe
Subject:    Re: CIPE-win32 v2.0-pre2 -> CIPE 1.4.3 = frame errors
From:       "Ville Voipio" <ville.voipio () iki ! fi>
Date:       2000-11-23 22:56:40
[Download RAW message or body]


> I get lots of
> KX: [NK_REQ] sending NK_IND xxxxxxxx
> messages and /var/log/messages shows a sequence of
> ... cipcb2: sendmsg
> ... cipcb2: setkey
> ... cipcb2: recvmsg
> entries.

You have an encryption problem.

> Judging by the 'activity light' in the PPP icon on the laptop's taksbar,
> I'm pretty sure that the packets are getting through at least to the PPP
> i/f and tcpdump does show that the packets are destined for the 'real'
> IP address.

You can check this to some extent by using windump (works fine in my W2k, at
least). It will dump your CIPE interface on the W2k without problems, and
with a bit of luck it will dump the PPP interface as well.

> Other oddities which may or may not be related to my problem.
> Setting nokey to yes on the linux seems to have no effect. All the
> outgoing packets appear to be encrypted.

This is probably the cause of your problems. Are you sure your options file
gets read the right way? Line

  nokey true

should switch off encryption. If it does not, your \etc\cipe\options does
not get read. The line is a direct copy from my (obsolete) options file
which worked just fine. I have CIPE 1.4.3 on Linux (kernel 2.2.12-20).

> Setting cipher = NONE on the W2K system causes it to send pings as 60
> byte UDP packets which CIPE on the linux box regards as invalid because
> (AFAICS) the length is not a multiple of blockSize (8 bytes?).

The packet is fine. If there is no encryption, there is no padding. But if
the Linux CIPE expects encrypted messages, it will sure give frame errors.

---

I think what happens is that Linux CIPE uses different key from your
CIPE-Win32. When you use encryption, CIPE records errors due to wrong
encryption (the error count you cited earlier). When you do not use any
encryption, CIPE records frame errors due to wrong length of the packets.

You are using different keys for different CIPE connections, aren't you?
Now, try each of the other keys with this connection, one of them might
work.

---


> Has _anybody_ out there actually got CIPE on Windows 2000 talking to
> CIPE on linux?

I have. Even though the newest Cipe-Win32's are not very stable, it works. I
am using an older beta (beta 11, 1st Sept 00) without too many problems both
on WinNT and W2k. And from your hex dumps (*) it seems that your CIPE-Win32
creates correct packets. The problem seems to be on the Linux end and seems
to relate to bad parsing of your options file.

Rgds,

- Ville

(*) hex dump = junkyard for used spells ;)


--
Message sent by the cipe-l@inka.de mailing list.
Unsubscribe: mail majordomo@inka.de, "unsubscribe cipe-l" in body
Other commands available with "help" in body to the same address.
CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic