LARTC - Jan 2002 - Help!! Cisco --> Linux Tunneling via NOS Encapsulation

Hey Pepole!!

    My name is Juda and i need to set up Tunnel
    From my Home Linux machine to my ISP Cisco Router
    
    i Do know how to set up simple ip-ip tunnel
    Here is the script i have build to set it up

insmod ipip
ip tunnel add neta mode ipip remote _REMOTE_ROUTER local _MY_LOCAL_INTERFACE
ip addr add __MY_TUNNEL_IP_ADDR dev neta
ip link set neta up
ip route add _FORIEGN NETWORK dev neta


well it''s work great

i have set up on My Cisco using  tunnel protocol  ipip    (Also called protocol
4)
Network 192.168.1.0   
    Cisco Interface: 192.168.1.1
    Linux Interface: 192.168.1.2


And i was able to ping from the cisco to the Linux

My problem is that my ISP use a   Cisco implemented IP over IP encapsulation
called NOS (KA9Q/NOS Compatiable) , also named protocol 94

i have made some debugs and with the tunnel i have set up below  my computer
(192.168.1.2) able to ping to the Cisco Machine
But when the cisco send reply , my   machine send to the router     protocol
unreachable

that means my linux box dont recognize the NOS protocol   , i have pass allmost
the whole linux how to documents

grep "NOS" *    / grep "nos"   *   / grep "tunnel"
*
and i havent find any HowTo that talk about NOS   the only one was  AX25-HOWTO  

and i have tried to use there example    but i am getting error
Destation on reachable
when i am tring to set up the route


Help will be apprechated
Sincer Juda(Love Linux) Barnes

On Tue, 8 Jan 2002, Juda Barnes wrote:

[snip]
> My problem is that my ISP use a   Cisco implemented IP over IP
encapsulation called NOS (KA9Q/NOS Compatiable) , also named protocol 94
> 
> i have made some debugs and with the tunnel i have set up below  my
computer (192.168.1.2) able to ping to the Cisco Machine
> But when the cisco send reply , my   machine send to the router    
protocol unreachable
> 
> that means my linux box dont recognize the NOS protocol   , i have pass
allmost the whole linux how to documents
I''ve searched the net for a little while and to me it seems like NOS is
a normal ipip tunnel but using ipprotocol 94 instead of 4

from linux/include/linux/in.h:

  IPPROTO_IPIP = 4,             /* IPIP tunnels (older KA9Q tunnels use 94) */

and IPPROTO_IPIP is used in ipip.c which is the IP-in-IP driver in linux.

So you machine sends out tunnelpackets it sends them out with ip protocol
4 which the cisco seem to accept but the cisco sends packets back to you
with ip protocol 94. I assume they have a generic ipip driver in
Cisco''s
IOS that listens for both ip protocol 4 and 94 and uses one of those
protocols depending on the configuration.

So if you change the value of IPPROTO_IPIP to 94 and recompile your kernel
it should work. But after this small change your machine won''t be able
to
set up tunnels to other Linux''s which use protocol 4... but maybe you
can
live with that. It''s of course possible to fix it so that linux can use
both but that needs some hacking, something you can start looking at if
you''re interested in kernelhacking.

Hope this helps.

/Martin

Never argue with an idiot. They drag you down to their level, then beat you with
experience.

> I''ve searched the net for a little while and to me it seems like
NOS is
> a normal ipip tunnel but using ipprotocol 94 instead of 4
[...]
> So if you change the value of IPPROTO_IPIP to 94 and recompile your kernel
> it should work. 
it could be nice to have a iptables mangle target allowing arbitrary
modification of packets ... I believe the protocol field is at a fixed
offset, so that might work, or am I wrong ? it might also be possible
to tweak UDP packets to TCP packets and reversely, to bypass dumb firewalls
blocking UDP packets (but not doing stateful filtering). if that sounds
technically ok, I might write the iptables target to do that ... it should
be easy, anyway.

Jerome Petazzoni <skaya at enix dot org>
--
''I don''t like to ask them questions.''
''Why not?''
''They might give me answers. And then what would I do?''
(Lords and Ladies)

Okay sorry for the late answer ,  it was a terriable week and weekend !

My whole ip classes are down bcz My Co Make changes in the network topologey
thigs that make me build a tunnel  to the cisco router .

for unknown reason (possible bcz my class is down)  i have noticed strange
traffic on my MRTG reports
and alot of kernel panic ,   which make my  server goes down without any
reason

Well i have make alot of changes on my linux   hopely when i wake up tommrow
it will be up :-)
Anyway short brief of stuff i have tried to do , seems not working.

i have change the #define IPIP_PROTO from 94 to 4 on
/usr/src/linux/include/linux/in.h
and recompile the kernel , as Martin thought , but it didnt help .
more than that i have got strnage iptables output ;-)

when i have run iptables   insted of
#ip tunnel
tunl0: ip/ip  remote any  local any  ttl inherit  nopmtudisc

i have got
#ip tunnel
tunl0: unknown/ip remote any local ttl inherit no...

i have tried to recompile the iptables with the (94) definination maybe is
that work    but i have got ioctl error
when i have tried to set up the tunnel       ;-)

i have take future steps and start goes on the  ipv4 source code  and the
tunneling code   ;-)
i have e-mail to Alan Cox   (Mini Ginenus   that code the ipv4  in the linux
kernel )
i havent got any respond due the fact my mail serv is down for since 9
Januar


Any ideas will be greatfully!