Date:      Tue, 05 Oct 1999 21:49:11 -0700
From:      Chandra Ravi <cravi@arsin.com>
To:        "Theo Purmer (Tepucom)" <theo@tepucom.nl>
Cc:        "'Jim Flowers'" <jflowers@ezo.net>, "skip-info@skip-vpn.org" <skip-info@skip-vpn.org>, "'freebsd-security@freebsd.org'" <freebsd-security@FreeBSD.ORG>
Subject:   Re: skip basic procedure
Message-ID:  <37FAD4C7.15678404@arsin.com>
References:  <01BF0F08.5D32D270.theo@tepucom.nl>

Hi Guys!

Get me out of your mailing list.

Thanks,

Theo Purmer (Tepucom) wrote:

> Thanks Jim for the help.
>
> I've got a skip session running between
> two machines and the rfc1918 network
> is connected. What I found to be the problem
> is that skip leaves the rfc1918 sender address
> in the packet even if it goes through the
> tunnel. The routers and firewalls in between don't
> allow a rfc1918 sender or receiver address so
> the packets don't arrive at the other end.
>
> In the archives John Capo has the same problem.
> He sent me some data to change the source with
> so that doesn't happen anymore. I'm working on
> that now.
>
> Do you have any idea as to who maintains the skip
> website? Maybe it's a good idea to publish this on
> the website when I've got it running.
>
> Thanks again
>
> theo purmer
> ----------
> From:    Jim Flowers[SMTP:jflowers@ezo.net]
> Sent:    Monday, 4 October 1999 16:38
> To:      Theo Purmer (Tepucom)
> CC:      skip-info@skip-vpn.org; 'freebsd-security@freebsd.org'
> Subject: Re: skip basic procedure
>
> Skip doesn't do routing.  You have to use something else.  Mostly I use
> static routes.  Generally, the inside interface (rfc 1918) will create a
> route to the internal network.
>
> However, it sounds like you don't really have a SKIP connection.  Can you
> verify in skipd.log?  Use tcpdump to verify skip (proto 57) packets on the
> incoming interface and equivalent cleartext packets on the internal
> interface.  Assumes you have multi-homed skiphost.
>
> What I have found to work best is:
>
> 1. With skip turned off, verify that the two skiphosts can communicate with
> each other.
> 2. Setup skip on each of the skiphosts by running skiplocal export on the
> opposite end skiphost and then executing it as a shell script.
> 3. Set default in cleartext (`skiphost -a default`) and turn it on at each
> end (`skiphost -o on`).
> 4. Debug this configuration.  Is the time correct on each skiphost?  Are the
> keys valid?  Good idea is to telnet to a third machine and from
> there to the far end so that the session will continue even if skip
> doesn't work. Use skiplog to see if there are errors.
> 5. Once you get 4. working, add the RFC1918 networks using the far end
> skiphost as the tunnel entrance.
> 6. Use tcpdump on the external and internal interfaces of each skiphost to
> debug.
>
> It is also instructive to run the skiptool if you have xwindows.  When you
> enable the skip interface it offers suggestions on addresses that should be
> allowed in cleartext.
>
> Have DNS set up and working properly so that skiphost can find all the
> reverse lookups or you will wait for what seems like forever.
>
> Search the freebsd-security list for skip,  I posted stuff like this lots of
> times.
>
> ----- Original Message -----
> From: Theo Purmer (Tepucom) <theo@tepucom.nl>
> To: <jflowers@ezo.net>
> Sent: Saturday, October 02, 1999 8:45 AM
> Subject: skip
>
> > Hi Jim
> >
> > Hope you don't mind me sending you some email
> > about skip. In some archive I found your name on
> > a message where you said you had good experiences
> > with skip on freebsd.
> >
> > I'm having some trouble getting a vpn with skip running
> > and I was wondering if you could give me a hint on
> > the skip config file.
> >
> > I'm trying to route 2 rfc 1918 networks over two skip
> > machines via the internet but data does arrive but
> > isn't routed to the second (rfc1918) nic in the machine.
> >
> > some help would be greatly appreciated
> >
> > thanks
> >
> > theo purmer
> > theo@tepucom.nl
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
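
The tcpdump check Jim describes (SKIP is IP protocol 57 on the external interface) and the symptom Theo reports (an RFC 1918 address still visible in packets crossing the public path) can be tested on captured IPv4 headers. The following is an added example, not code from the thread or from the SKIP project; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

SKIP_PROTO = 57  # IP protocol number for SKIP, as given in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def parse_ipv4(header):
    """Return (protocol, src, dst) from the first 20 bytes of an IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, proto = header[0], header[9]
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    src, dst = (ipaddress.IPv4Address(header[i:i + 4]) for i in (12, 16))
    return proto, src, dst


def check_external(header):
    """Classify a packet captured on the skiphost's external interface."""
    proto, src, dst = parse_ipv4(header)
    private = [str(a) for a in (src, dst) if is_rfc1918(a)]
    if private:
        # Routers and firewalls on the public path drop these packets.
        kind = "SKIP" if proto == SKIP_PROTO else "cleartext"
        return f"LEAK: {kind} packet carries RFC 1918 address {', '.join(private)}"
    if proto == SKIP_PROTO:
        return "OK: SKIP packet between public addresses"
    return f"CLEARTEXT: proto {proto}, not tunnelled"


def build_header(proto, src, dst):
    """Constructed sample data: minimal 20-byte IPv4 header, checksum left 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


if __name__ == "__main__":
    # Constructed packets: documentation-range public hosts, one private sender.
    for proto, src, dst in [(57, "198.51.100.1", "203.0.113.2"),
                            (57, "192.168.1.10", "203.0.113.2"),
                            (6, "198.51.100.1", "203.0.113.2")]:
        print(src, "->", dst, check_external(build_header(proto, src, dst)))
```
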








