gif tunel

Robert Koncier rkoncier at zoznam.sk
Tue Apr 19 11:27:47 CEST 2005
Previous message: Tungsten T
Next message: gif tunel
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Prednedavnom som sa snazil vytvorit si IPSEC tunnel.
Vsetko som si pripravil a otestoval podla navodov z internetu
najprv na lokalnej sieti - vsetko fungovalo ako malo.
Potom som tieto dve masiny - PC 1 (freebsd 4.11) a PC (freebsd 5.3)
umiestnil do "realneho sveta". A nastal problem. nemozem pingnut
z PC1 vnutornu adresu druheho bodu PC2. tj. ping 10.0.0.3 (opacny pripad 
je to iste).
Popis nastaveni a testov nizsie.
Poprosil by som o radu ako problem vyriesit alebo ako postupovat
pri hladani problemu lebo pozrel som internet a pozrel som konferencie.
Dakujem
Robo

Nastavenie pocitacov (*racoon a ipsec a firewall som vypol*):
PC1:
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet AAA.BBB.CCC.229 --> XXX.YYY.ZZZ.193
        inet 10.0.1.1 --> 10.0.0.3 netmask 0xffffffff

netstat -rn
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            AAA.BBB.CCC.225      UGSc       43      945    rl0
10/24              10.0.0.3           UGSc        0        0   gif0
10.0.0.3           10.0.1.1           UH          1      245   gif0
10.0.1/24          link#5             UC          0        0    rl4
AAA.BBB.CCC.224/29   link#1             UC          2        0    rl0
127.0.0.1          127.0.0.1          UH          2     5186    lo0


PC2:
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet XXX.YYY.ZZZ.193 --> AAA.BBB.CCC.229
        inet 10.0.0.3 --> 10.0.1.1 netmask 0xffffffff

netstat -rn
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            XXX.YYY.ZZZ.206      UGS         0   129257    rl0
10/24              link#2             UC          0        0    rl1
10.0.1/24          10.0.1.1           UGS         0        0   gif0
10.0.1.1           10.0.0.3           UH          1        0   gif0
127.0.0.1          127.0.0.1          UH          0    12384    lo0
XXX.YYY.ZZZ.192/28   link#1             UC          0        0    rl0

testovanie ping 10.0.0.3 z pocitaca PC1
P
tcpdump -i gif0 na PC1
12:20:42.774967 10.0.1.1 > 10.0.0.3: icmp: echo request
12:20:43.778755 10.0.1.1 > 10.0.0.3: icmp: echo request
12:20:44.788761 10.0.1.1 > 10.0.0.3: icmp: echo request
12:20:45.798776 10.0.1.1 > 10.0.0.3: icmp: echo request

tcpdump -i rl0 na PC1
12:20:42.460058 AAA.BBB.CCC.229 > XXX.YYY.ZZZ.193: 10.0.1.1 > 10.0.0.3: 
icmp: echo request (ipip-proto-4)
12:20:43.470059 AAA.BBB.CCC.229 > XXX.YYY.ZZZ.193: 10.0.1.1 > 10.0.0.3: 
icmp: echo request (ipip-proto-4)
12:20:44.480074 AAA.BBB.CCC.229 > XXX.YYY.ZZZ.193: 10.0.1.1 > 10.0.0.3: 
icmp: echo request (ipip-proto-4)
12:20:45.490088 AAA.BBB.CCC.229 > XXX.YYY.ZZZ.193: 10.0.1.1 > 10.0.0.3: 
icmp: echo request (ipip-proto-4)

tcpdump -i rl0 na PC2
nic co sa tyka prenosu z adresy PC1

Provider pre PC1 je GTS pre PC2 Slovanet.
Ping z PC1 na PC2 na vonkajsiu IP adresu funguje:
PING XXX.YYY.ZZZ.193 ( XXX.YYY.ZZZ.193): 56 data bytes
64 bytes from  XXX.YYY.ZZZ.193: icmp_seq=0 ttl=56 time=19.201 ms
64 bytes from  XXX.YYY.ZZZ.193: icmp_seq=1 ttl=56 time=24.846 ms
64 bytes from  XXX.YYY.ZZZ.193: icmp_seq=2 ttl=56 time=17.911 ms
64 bytes from  XXX.YYY.ZZZ.193: icmp_seq=3 ttl=56 time=22.280 ms
64 bytes from  XXX.YYY.ZZZ.193: icmp_seq=4 ttl=56 time=19.123 ms
Previous message: Tungsten T
Next message: gif tunel
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users-l mailing list