Regular net tools doesn't work over VPN as expected. Being able to traceroute to the VPN peer doesn't guarantee that the traffic is already being sent inside the tunnel and encrypted.
Usual debugging tools for VPN's are telnet (to try establishing a connection with the other side's encryption domain). And ethereal (to check if the packets are really being encrypted over the tunnel. This is in fact off-topic for the Kannel list, I'm pretty sure that there's nothing wrong with Kannel. You have to check if the VPN is working by connecting with the SMPP port using telnet, a traceroute won't cut it, since cannot trace inside the tunnel. Hope it helps, Alejandro. On 8/12/07, Amr Qanadilo //AMC// <[EMAIL PROTECTED]> wrote: > Dear fried; > > We have connected the VPN using the following configurations and it is > connected > > [main] > Description=sample user profile > Host= (MAIN IP FROM OPERATOR) > AuthType=1 > GroupName=amc > GroupPwd= > EnableISPConnect=0 > ISPConnectType=0 > ISPConnect= > ISPCommand= > Username=am > UserPassword= > SaveUserPassword=0 > EnableBackup=0 > BackupServer= > EnableNat=0 > CertStore=0 > CertName= > CertPath= > CertSubjectName= > CertSerialHash=00000000000000000000000000000000 > DHGroup=2 > ForceKeepAlives=0 > enc_GroupPwd= > enc_UserPassword= > TunnelingMode=0 > TcpTunnelingPort=5020 > SendCertChain=0 > PeerTimeout=90 > EnableLocalLAN=0 > > It is there connected and in the route table the other IP that is given to > us in to use in SMPP is also there. > > When I tracerout the SMPP IP it lead me to the main IP for VPN. > > Now my question would be, if the VPN is already connected and I can trace > route the IP for the SMPP to the VPN connection. Then why wont the kannel > recognize it? > > Is there a kind of setting that I need to do? > > BR > > Amr Qanadilo > > -----Original Message----- > From: Alejandro Guerrieri [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 11, 2007 5:41 PM > To: [email protected] > Subject: Re: problems connecting to SMSC using SMPP though VPN > > Ashwani, > > The IP used to connect to the VPN is called the "VPN Peer". Of course > Kannel shouldn't try to connect to that one, since it's the IP used to > establish the tunnel. > > The other IP (or IP's) are called the "Encryption Domain". If you have > established your VPN well, all traffic going out on your host to the > enryption domain should be directed through the tunnel established > over the vpn peer. > > Looking at your logs, there are many issues that could end with a > "Connection Timed Out", but most probably is related to a VPN > configuration or firewall issue. > > The first thing to do is to check if you're able to connect to the > SMPP host/port on the other side by using other means of connection. > I'd suggest you to try using telnet to the host/port on the other > side, since most operators block ping from external IP's: > > telnet <smpp host> <smpp port> > > Keep in mind that if you're host have more than one IP, you have to > use the same IP as kannel. Usually, the first interface on a multi-ip > host is the one used to establish connections (you can change that on > kannel by using the "our-host" directive on conf files). > > If you can establish a connection using telnet (I don't think you > will) then the problem is on kannel. > > The other "suspect" could be a firewall configuration on either side, > check your setup and ask your operator about it. > > Hope it helps, > > Alejandro > > On 8/11/07, Amr Qanadilo //AMC// <[EMAIL PROTECTED]> wrote: > > > > > > > > > > Dear Ashwani; > > > > > > > > Thank you very much for your immediate response. The issue here is that we > > are using VPN. We have got 2 IPs from the operator. The first one is to > > connect the VPN and it is going well and connected. The other IP is for > the > > SMPP configuration. Now when I test the VPN IP address it is pinging and > > working fine. But when I test the second IP it is not pinging; maybe it is > > an internal IP address that we can connect though only VPN connection. > > > > For the above mentioned is there any special configuration that we need to > > make to the Kannel. > > > > > > > > Looking forward for your feedback and Best Regards > > > > > > > > Amr > > > > > > > > > > > > ________________________________ > > > > > > From: Amr Qanadilo //AMC// [mailto:[EMAIL PROTECTED] > > Sent: Saturday, August 11, 2007 11:12 AM > > > > To: 'ashwani'; '[email protected]' > > Subject: RE: problems connecting to SMSC using SMPP though VPN > > > > > > > > > > Dear Ashwani; > > > > > > > > Thank you for your email. I will try to do that, but does the > configuration > > file seem correct? > > > > > > > > Thank you > > > > ________________________________ > > > > > > From: ashwani [mailto:[EMAIL PROTECTED] > > Sent: Saturday, August 11, 2007 9:45 AM > > To: 'Amr Qanadilo //AMC//'; [email protected] > > Subject: RE: problems connecting to SMSC using SMPP though VPN > > > > > > > > Hi AMR, > > > > > > > > It seems that you are not able to connect to the SMSC at all, > > > > First check if you are able to connect SMSC on TCP/IP, I mean try to ping > > the SMSC > > > > Also check if the port is open for you system, try telnet to SMSC port > given > > to u. > > > > > > > > > > > > > > > > I hope this will help > > > > > > > > > > Regards > > > > Ashwani > > > > ________________________________ > > > > > > From: Amr Qanadilo //AMC// [mailto:[EMAIL PROTECTED] > > Sent: Saturday, August 11, 2007 2:05 PM > > To: [email protected] > > Subject: problems connecting to SMSC using SMPP though VPN > > > > > > > > Dear all; > > > > > > > > I have a problem in connecting the Kannel to the GSM operator smsc center. > > > > > > > > Am using kannel 1.4.1 stable. My OS is enterprise redhat linux 4. > > > > > > > > The config file is as follows: > > > > > > > > group = core > > > > admin-port = 13000 > > > > wapbox-port = 13002 > > > > admin-password = bar > > > > wdp-interface-name = "*" > > > > log-file = "/var/log/bearerbox.log" > > > > log-level = 1 > > > > box-deny-ip = "*.*.*.*" > > > > box-allow-ip = "127.0.0.1" > > > > > > > > include = "wapbox.conf" > > > > > > > > include = "smsbox.conf" > > > > > > > > group = smsc > > > > smsc = smpp > > > > host = (IP I GOT FROM GSM OP) > > > > port = (PORT I GOT FRON GSM OP) > > > > receive-port = (PORT I GOT FRON GSM OP) > > > > smsc-username = "(username I GOT FRON GSM OP) > > > > smsc-password = "(pass I GOT FRON GSM OP)" > > > > system-type = "SMPP" > > > > address-range ="" > > > > ------------------------------------------------------- > > > > WAP BOX > > > > > > > > group = wapbox > > > > bearerbox-host = localhost > > > > log-file = "/var/log/wapbox.log" > > > > log-level = 0 > > > > syslog-level = none > > > > > > > > SMS BOX > > > > > > > > group = smsbox > > > > bearerbox-host = localhost > > > > sendsms-port = 13013 > > > > global-sender = 13013 > > > > sendsms-chars = "0123456789 +-" > > > > log-file = "/tmp/smsbox.log" > > > > log-level = 0 > > > > access-log = "/tmp/access.log" > > > > > > > > > > > > when I try to connect it gives me this error message > > > > > > > > 2007-08-10 16:35:17 [25358] [6] ERROR: connect failed > > > > 2007-08-10 16:35:17 [25358] [6] ERROR: System error 110: Connection timed > > out > > > > 2007-08-10 16:35:17 [25358] [6] ERROR: error connecting to server `IP FROM > > GSM OP' at port `PORT FROM GSM OP' > > > > 2007-08-10 16:35:17 [25358] [6] ERROR: > > SMPP[SMPP:IP:PORT/PORT:username:SMPP]: Couldn't connect to > > server. > > > > 2007-08-10 16:35:17 [25358] [6] ERROR: > > SMPP[SMPP:IP:PORT/PORT:username:SMPP]: Couldn't connect to > > SMS center (retrying in 10 seconds). > > > > > > > > Please help > > > > > > > > > > > > Thank you > > > > > > > > __________ NOD32 2450 (20070810) Information __________ > > > > This message was checked by NOD32 antivirus system. > > http://www.eset.com > > > -- > Alejandro Guerrieri > Magicom > http://www.magicom-bcn.net/ > LinkedIn: http://www.linkedin.com/in/aguerrieri > > > > __________ NOD32 2451 (20070811) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > > > -- Alejandro Guerrieri Magicom http://www.magicom-bcn.net/ LinkedIn: http://www.linkedin.com/in/aguerrieri
