Hey people!! My name is Juda and I need to set up a tunnel from my home Linux machine to my ISP's Cisco router.

I do know how to set up a simple ip-ip tunnel. Here is the script I have built to set it up:

    # load the IP-in-IP tunnel driver
    insmod ipip
    # create the tunnel device, then address it and bring it up
    ip tunnel add neta mode ipip remote _REMOTE_ROUTER local _MY_LOCAL_INTERFACE
    ip addr add __MY_TUNNEL_IP_ADDR dev neta
    ip link set neta up
    # route the remote network through the tunnel
    ip route add _FOREIGN_NETWORK dev neta

Well, it works great. I have set it up on my Cisco using tunnel protocol ipip (also called protocol 4):

    Network:         192.168.1.0
    Cisco interface: 192.168.1.1
    Linux interface: 192.168.1.2

And I was able to ping from the Cisco to the Linux.

My problem is that my ISP uses a Cisco-implemented IP over IP encapsulation called NOS (KA9Q/NOS compatible), also named protocol 94.

I have done some debugging, and with the tunnel I have set up below, my computer (192.168.1.2) is able to ping the Cisco machine. But when the Cisco sends a reply, my machine sends the router a protocol unreachable.

That means my Linux box doesn't recognize the NOS protocol. I have gone through almost all of the Linux HOWTO documents (grep "NOS" * / grep "nos" * / grep "tunnel" *) and I haven't found any HOWTO that talks about NOS. The only one was the AX25-HOWTO, and I have tried to use their example, but I am getting the error "Destination unreachable" when I am trying to set up the route.

Help will be appreciated.

Sincerely,
Juda (Love Linux) Barnes
Martin Josefsson
2002-Jan-08 19:01 UTC
Re: Help!! Cisco --> Linux Tunneling via NOS Encapsulation
On Tue, 8 Jan 2002, Juda Barnes wrote:

[snip]
> My problem is that my ISP uses a Cisco-implemented IP over IP encapsulation called NOS (KA9Q/NOS compatible), also named protocol 94.
>
> I have done some debugging, and with the tunnel I have set up below, my computer (192.168.1.2) is able to ping the Cisco machine.
> But when the Cisco sends a reply, my machine sends the router a protocol unreachable.
>
> That means my Linux box doesn't recognize the NOS protocol. I have gone through almost all of the Linux HOWTO documents

I've searched the net for a little while and to me it seems like NOS is a normal ipip tunnel but using IP protocol 94 instead of 4.

From linux/include/linux/in.h:

    IPPROTO_IPIP = 4,		/* IPIP tunnels (older KA9Q tunnels use 94) */

and IPPROTO_IPIP is used in ipip.c, which is the IP-in-IP driver in Linux.

So when your machine sends out tunnel packets it sends them out with IP protocol 4, which the Cisco seems to accept, but the Cisco sends packets back to you with IP protocol 94. I assume they have a generic ipip driver in Cisco's IOS that listens for both IP protocol 4 and 94 and uses one of those protocols depending on the configuration.

So if you change the value of IPPROTO_IPIP to 94 and recompile your kernel it should work. But after this small change your machine won't be able to set up tunnels to other Linux machines which use protocol 4... but maybe you can live with that.

It's of course possible to fix it so that Linux can use both, but that needs some hacking, something you can start looking at if you're interested in kernel hacking.

Hope this helps.

/Martin

Never argue with an idiot. They drag you down to their level, then beat you with experience.
Jerome Petazzoni
2002-Jan-09 10:34 UTC
Re: Help!! Cisco --> Linux Tunneling via NOS Encapsula
> I've searched the net for a little while and to me it seems like NOS is
> a normal ipip tunnel but using IP protocol 94 instead of 4
[...]
> So if you change the value of IPPROTO_IPIP to 94 and recompile your kernel
> it should work.

It could be nice to have an iptables mangle target allowing arbitrary modification of packets... I believe the protocol field is at a fixed offset, so that might work, or am I wrong?

It might also be possible to tweak UDP packets to TCP packets and reversely, to bypass dumb firewalls blocking UDP packets (but not doing stateful filtering).

If that sounds technically OK, I might write the iptables target to do that... it should be easy, anyway.

Jerome Petazzoni <skaya at enix dot org>
--
'I don't like to ask them questions.' 'Why not?' 'They might give me answers. And then what would I do?' (Lords and Ladies)
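Added example, not part of any post in this thread and not kernel or iptables code: a user-space C sketch of the rewrite discussed in the two replies above. It shows that the outer protocol byte sits at fixed offset 9 of the IPv4 header and that the header checksum covers it, so changing 94 to 4 also means patching the checksum (done here incrementally per RFC 1624). The function names and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define PROTO_IPIP 4   /* IPPROTO_IPIP in linux/in.h */
#define PROTO_NOS  94  /* older KA9Q/NOS tunnels */

/* Ones'-complement checksum over an IPv4 header; 0 means the header verifies. */
uint16_t ip_hdr_csum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrite the outer protocol byte and patch the checksum incrementally
 * (RFC 1624 eqn 3). Returns 1 rewritten, 0 protocol != from, -1 bad header. */
int rewrite_outer_proto(uint8_t *p, size_t len, uint8_t from, uint8_t to) {
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return -1;
    if (p[9] != from) return 0;
    uint16_t m_old = (uint16_t)((p[8] << 8) | p[9]);   /* TTL | protocol word */
    uint16_t m_new = (uint16_t)((p[8] << 8) | to);
    uint16_t hc = (uint16_t)((p[10] << 8) | p[11]);
    uint32_t sum = (uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    hc = (uint16_t)~sum;
    p[9] = to;
    p[10] = (uint8_t)(hc >> 8); p[11] = (uint8_t)(hc & 0xff);
    return 1;
}

/* Constructed sample: 20-byte outer header only, 192.168.1.1 -> 192.168.1.2. */
void make_sample(uint8_t h[20], uint8_t proto) {
    static const uint8_t t[20] = {0x45, 0, 0, 0x68, 0, 0, 0x40, 0, 0xff, 0,
                                  0, 0, 192, 168, 1, 1, 192, 168, 1, 2};
    memcpy(h, t, 20);
    h[9] = proto;
    uint16_t c = ip_hdr_csum(h, 20);   /* checksum field is still zero here */
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)(c & 0xff);
}

int main(void) {
    uint8_t h[20];
    make_sample(h, PROTO_NOS);
    int r = rewrite_outer_proto(h, sizeof h, PROTO_NOS, PROTO_IPIP);
    return !(r == 1 && ip_hdr_csum(h, 20) == 0);   /* exit 0 on success */
}
```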
Okay, sorry for the late answer, it was a terrible week and weekend!

My whole IP classes are down because my Co made changes in the network topology, things that make me build a tunnel to the Cisco router. For an unknown reason (possibly because my class is down) I have noticed strange traffic on my MRTG reports and a lot of kernel panics, which make my server go down without any reason.

Well, I have made a lot of changes on my Linux; hopefully when I wake up tomorrow it will be up :-)

Anyway, a short brief of the stuff I have tried to do, which seems not to be working.

I have changed the #define IPIP_PROTO from 94 to 4 in /usr/src/linux/include/linux/in.h and recompiled the kernel, as Martin thought, but it didn't help. More than that, I have got strange iptables output ;-) When I ran iptables, instead of

    #ip tunnel
    tunl0: ip/ip remote any local any ttl inherit nopmtudisc

I got

    #ip tunnel
    tunl0: unknown/ip remote any local ttl inherit no...

I have tried to recompile iptables with the (94) definition, maybe that would work, but I got an ioctl error when I tried to set up the tunnel ;-)

I have taken further steps and started going through the ipv4 source code and the tunneling code ;-) I have e-mailed Alan Cox (Mini Genius that codes the ipv4 in the Linux kernel). I haven't got any response due to the fact my mail server has been down since 9 January.

Any ideas will be gratefully received!