[expert] Novell IPX over IPSEC tunnel

Mon, 16 Dec 2002 20:13:20 -0800

I am attempting to setup a VPN tunnel between 2 locations, and transfer Novell IPX protocol over this tunnel (I know, IPX will not go over the IPSEC VPN natively) It has been suggested that I use GRE to create a tunnel in the IPSEC VPN, but to date I have not been successful in getting the GRE tunnel up

I have attached the commands used at each end for configuring the GRE tunnel, the tcpdump (this came off of eth1, the internal network card, and nothing was reported at the same time from either the GRE device or from eth0, the external network card), and the routing from both ends.

Any help would be appreciated.

Darcy Brodie

Computer OS's
Host - Mandrake 8.1
IPSec 1.91
using IPTables for firewall configuration
Remote - Mandrake 9.0
IPSec 1.98b
using IPTables for firewall configuration

#host
#dev name neta
#dev ip 192.168.9.1
gre-up
ip tunnel add neta mode gre remote aa.bb.cc.dd local ee.ff.gg.hh ttl 255
ip link set neta up
ip addr add 192.168.9.1 dev neta
ip route add 192.168.10.0/24 dev neta

#remote site
#dev name netb
#dev ip 192.168.10.1
gre-up
ip tunnel add netb mode gre remote ee.ff.gg.hh local aa.bb.cc.dd ttl 255
ip link set netb up
ip addr add 192.168.10.1 dev netb
ip route add 192.168.9.0/24 dev netb

tcpdump output from "remote" location (computer.domain.ca has been changed from actual report)
19:27:17.838178 computer.domain.ca.ssh > 192.168.9.20.1037: P 1910238303:1910238347(44)
ack 179971 win 8576 (DF) [tos 0x10]
19:27:18.028227 192.168.9.20.1037 > seed2032.theseed.ca.ssh: . ack 44 win 8212 (DF)
19:27:20.339484 0.00:30:84:27:1a:d7.4017 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-req 278
19:27:23.388483 192.168.9.20.svrloc > SVRLOC.MCAST.NET.svrloc: udp 44
19:27:24.322519 192.168.9.20.svrloc > SVRLOC.MCAST.NET.svrloc: udp 44
19:27:25.422363 192.168.9.20.svrloc > SVRLOC.MCAST.NET.svrloc: udp 44
19:27:27.622070 192.168.9.20.svrloc > SVRLOC.MCAST.NET.svrloc: udp 44
19:27:32.021481 192.168.9.20.svrloc > SVRLOC.MCAST.NET.svrloc: udp 44
--
[root@remote root]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.10.224 0.0.0.0 255.255.255.224 U 40 0 0 eth1
192.168.67.0 ee.ff.gg.1 255.255.255.0 UG 40 0 0 ipsec0
192.168.10.0 ee.ff.gg.1 255.255.255.0 UG 40 0 0 ipsec0
192.168.10.0 0.0.0.0 255.255.255.0 U 40 0 0 admin
192.168.9.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
ee.ff.gg.0 0.0.0.0 255.255.248.0 U 40 0 0 eth0
ee.ff.gg.0 0.0.0.0 255.255.248.0 U 40 0 0 ipsec0
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 ee.ff.gg.1 0.0.0.0 UG 40 0 0 eth0

[root@host root]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.67.0 aa.bb.cc.1 255.255.255.0 UG 40 0 0 ipsec0
192.168.10.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
192.168.9.0 aa.bb.cc.1 255.255.255.0 UG 40 0 0 ipsec0
192.168.9.0 0.0.0.0 255.255.255.0 U 40 0 0 2032
aa.bb.cc.0 0.0.0.0 255.255.252.0 U 40 0 0 eth0
aa.bb.cc.0 0.0.0.0 255.255.252.0 U 40 0 0 eth0
aa.bb.cc.0 0.0.0.0 255.255.252.0 U 40 0 0 ipsec0
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 aa.bb.cc.1 0.0.0.0 UG 40 0 0 eth0






Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Reply via email to