Which Linux kernel version are you using? It sounds like you have to
recompile with the CONFIG_ARPD option:

https://bugzilla.redhat.com/show_bug.cgi?id=502844

HTH,

Darren


On Tue, May 20, 2014 at 4:12 PM, Rusty Dekema <rdek...@gmail.com> wrote:

> Greetings,
>
> I am trying to set up a seemingly simple (unencrypted) tunnel between a
> Cisco router with a dynamic IP address and a Linux/OpenNHRP machine with a
> static IP address. So far, I have not been able to bring the tunnel or NHS
> session up. It seems like I am probably making some simple mistake, but I
> have not been able to determine what it is.
>
> My setup:
>
> Cisco router:
>     ios c3725-adventerprisek9-m 12.4(15)T14
>     public (dynamic) ip address: 24.247.x.x
>     public ip device: fastethernet0/0
>     private (gre) ip address: 10.1.1.10/30
>     private (gre) device: tunnel0
>
> Tunnel0 interface configuration:
>     ip address 10.1.1.10 255.255.255.252
>     no ip redirects
>     ip mtu 1472
>     ip nhrp authentication test
>     ip nhrp map multicast 75.144.x.x
>     ip nhrp map 10.1.1.9 75.144.x.x
>     ip nhrp network-id 123456
>     ip nhrp holdtime 360
>     ip nhrp nhs 75.144.x.x
>     ip nhrp registration no-unique
>     cdp enable
>     tunnel source FastEthernet0/0
>     tunnel destination 75.144.x.x
>     tunnel key 123456
>
>
> Linux machine:
>     kernel 3.13.0-24 from ubuntu 14.04
>     opennhrp-0.14.1 from source
>     public ip address: 75.144.x.x
>     public ip device: eth0.4
>     private (gre) ip address: 10.1.1.9/30
>     private (gre) device: gre1
>
> opennhrp.conf:
> interface gre1
>     cisco-authentication test
>     multicast dynamic
>     holding-time 360
>
> Steps to set up interface gre1:
>
> ip tunnel add gre1 mode gre key 123456 ttl 64 local 75.144.x.x
> ip addr add 10.1.1.9/30 dev gre1
> ip link set gre1 up
>
> ---
>
> With the Cisco tunnel interface in 'shutdown' state, I run opennhrp -v on
> the Linux machine and get the following output:
>
> opennhrp[4121]: OpenNHRP 0.14.1 starting
> opennhrp[4121]: Interface lo: configured UP, mtu=0
> opennhrp[4121]: Interface eth0: configured UP, mtu=1500
> opennhrp[4121]: Interface tun0: configured UP, mtu=1500
> opennhrp[4121]: Interface eth0.2: configured UP, mtu=1500
> opennhrp[4121]: Interface eth0.4: configured UP, mtu=1500
> opennhrp[4121]: Interface gre0: config change, mtu=1476
> opennhrp[4121]: Interface gretap0: config change, mtu=1476
> opennhrp[4121]: Interface kew-c2500-1: configured UP, mtu=1476
> opennhrp[4121]: Interface sit0: config change, mtu=1480
> opennhrp[4121]: Interface he-ipv6: configured UP, mtu=1480
> opennhrp[4121]: Interface hc1-ipv6: configured UP, mtu=1480
> opennhrp[4121]: Interface gre1: configured UP, mtu=1472
> opennhrp[4121]: Interface gre1: GRE configuration changed. Purged 0 peers.
> opennhrp[4121]: Adding local 10.1.1.9/32 dev gre1
> opennhrp[4121]: Adding local 10.1.1.11/32 alias 10.1.1.9 dev gre1
> opennhrp[4121]: Filter code installed (20 opcodes)
>
>
> I then type 'no shutdown' on the Cisco tunnel interface and receive the
> following output on the opennhrp console:
>
> opennhrp[3866]: Forwarding packet from nbma src 24.247.x.x, proto src
> 10.1.1.10 to proto dst 75.144.x.x, hop count 255
> opennhrp[3866]: No peer entry for protocol address 75.144.x.x
> opennhrp[3866]: No peer entry for protocol address 10.1.1.10
> opennhrp[3866]: Multicast from 10.1.1.9 to 224.0.0.5
>
> At this point, if I try to ping the Cisco end of the tunnel (10.1.1.10)
> from the Linux machine, I see the following message on the opennhrp console
> for each icmp packet sent: "opennhrp[4393]: NL-ARP(gre1) who-has
> 10.1.1.10". If I use tcpdump to monitor the 75.144.x.x interface during
> this time, I see no traffic being sent to the Cisco's 24.247.x.x interface.
>
> If I try to ping the Linux end of the tunnel (10.1.1.9) from the Cisco
> router, I still get a "opennhrp[4393]: NL-ARP(gre1) who-has 10.1.1.10" on
> the opennhrp console for each icmp packet sent. Using tcpdump on the Linux
> machine to monitor its 75.144.x.x interface reveals GRE-encapsulated ICMP
> packets coming from the Cisco router as follows:
>
> 15:45:42.719449 IP 24.247.x.x > 75.144.x.x: GREv0, key=0x1e240, length
> 108: IP 10.1.1.10 > 10.1.1.9: ICMP echo request, id 47, seq 0, length 80
>
> 15:45:44.713027 IP 24.247.x.x > 75.144.x.x: GREv0, key=0x1e240, length
> 108: IP 10.1.1.10 > 10.1.1.9: ICMP echo request, id 47, seq 1, length 80
>
> 15:45:46.713106 IP 24.247.x.x > 75.144.x.x: GREv0, key=0x1e240, length
> 108: IP 10.1.1.10 > 10.1.1.9: ICMP echo request, id 47, seq 2, length 80
>
> ---
>
> I thought that between the matching GRE key, the matching
> cisco-authentication strings, and the 'multicast dynamic' line under
> interface gre1 in opennhrp.conf, OpenNHRP would recognize GRE packets
> coming from the Cisco router as coming from an acceptable peer, but it
> seems that perhaps this is not happening?
>
> I realize that to actually have the unencrypted link work, I would need to
> remove the racoonctl lines from opennhrp-script, but it appears that the
> peer-up section of that script is not even being called (judging from the
> lack of error messages, and the fact that when I ran opennhrp under strace
> in an attempt to troubleshoot, I didn't see it open the opennhrp-script
> file).
>
> It occurred to me that there was no matching line in the OpenNHRP config
> to the "ip nhrp network-id 123456" line on the Cisco side, so I tried
> removing that line from the Cisco config. This gives the same result,
> except that I no longer see the:
>
> "opennhrp[3866]: Forwarding packet from nbma src 24.247.x.x, proto src
> 10.1.1.10 to proto dst 75.144.x.x, hop count 255
> opennhrp[3866]: No peer entry for protocol address 75.144.x.x
> opennhrp[3866]: No peer entry for protocol address 10.1.1.10"
>
> lines on the OpenNHRP console. I looked at the opennhrp.conf manual page
> and some of the source code but did not find anywhere to configure a
> network ID. Could I be missing something here which might be part of the
> problem?
>
> If anyone can point me in the right direction or suggest something for me
> to try, I would certainly appreciate it.
>
> Thanks,
> Rusty Dekema
>
>
>
> _______________________________________________
> opennhrp-devel mailing list
> opennhrp-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/opennhrp-devel
>
>
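Added example, not part of the original thread: tcpdump in the capture above prints the GRE key in hex (key=0x1e240), while `tunnel key 123456` on the Cisco side and `ip tunnel add ... key 123456` on the Linux side take it in decimal. The sketch below decodes a GRE version 0 header (RFC 2784 / RFC 2890 layout) and checks the key against the configured value; the sample header bytes and the function names are constructed for illustration.

```python
import struct

# Flag bits in the first 16 bits of a GRE header (RFC 2784 / RFC 2890).
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum, key, sequence present


def parse_gre(header: bytes) -> dict:
    """Decode a GRE version 0 header and return its optional fields."""
    if len(header) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", header, 0)
    if flags & 0x0007:
        raise ValueError("not GRE version 0")
    # Each optional field that is present adds one 32-bit word.
    needed = 4 + 4 * sum(bool(flags & bit) for bit in (GRE_C, GRE_K, GRE_S))
    if len(header) < needed:
        raise ValueError("flags announce fields the buffer does not contain")
    fields = {"protocol": proto, "key": None, "sequence": None,
              "header_len": needed}
    offset = 4
    if flags & GRE_C:
        offset += 4  # checksum (16 bits) + reserved1 (16 bits), skipped here
    if flags & GRE_K:
        (fields["key"],) = struct.unpack_from("!I", header, offset)
        offset += 4
    if flags & GRE_S:
        (fields["sequence"],) = struct.unpack_from("!I", header, offset)
    return fields


def key_matches(header: bytes, configured_key: int) -> bool:
    """True when the packet carries a key equal to the configured one."""
    return parse_gre(header)["key"] == configured_key


# Constructed sample: K flag only, inner protocol IPv4 (0x0800), key 0x0001e240.
SAMPLE_KEYED = bytes.fromhex("2000" "0800" "0001e240")
# Constructed sample: C, K and S flags set, zero checksum, same key, sequence 5.
SAMPLE_FULL = bytes.fromhex("b000" "0800" "00000000" "0001e240" "00000005")

if __name__ == "__main__":
    print(parse_gre(SAMPLE_KEYED), key_matches(SAMPLE_KEYED, 123456))
```
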