<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: CIPE, NAT, ...
From: Ian McLeod <i_mcleod,AT,yahoo,DOT,com>
Date: Thu, 1 Nov 2001 16:57:12 +0100
In-reply-to: <20011101132359.GA5013@dhcp212.jak.mendelu.cz>

--- Robert Vojta <robert,AT,v0jta,DOT,net> wrote:
> Hi,
>   I read almost whole cipe info page and I found, that there is a 
> to establish CIPE connection between two machines, when one have static
> IP address and second machine have dynamic based address from DHCP and from
> subnet Between these two machines is masq router with no ports
> blocking, but I haven't any access to this router (and I will never have) 
> some port forwarding, etc.
>   I spent whole day of reading archive, searching web site with google, ...
> but I'm not sure if this is possible. Everyone who have NATed network is
> speaking about port forwarding but I can't do this.
>   Please, is this possible and if yes, can I find more examples than cipe
> info have? Or is there anyone who have working this configuration?

I do currently have this running.  Although I do have access to the
masquerading device it does not support the configurations suggested in the
info page and on the mailing list.  More specifically, I cannot force the
gateway to preserve the source port on my outgoing UDP packets.  The result is
that my connection to our corporate CIPE server appears to be coming from a
port other than the one I specify in my local options file.  The corporate
server doesn't seem to mind.  

However, I have encountered one problem.  If my cipe connection goes unused 
a certain period of time the masquerading gateway "forgets" what source UDP
port it was using for my connection to the corporate cipe server and chooses a
new source port.  Once this happens I'm screwed.  The corporate server refuses
to talk to me, even if I try to re-negociate the connection completely.

I am forced to reboot the gateway.  This gives me a new dynamic IP address.  
this point I appear, to the corporate server, to be using a new port _and_ IP
address and it is willing to reset the connection.  

Adding a "ping  10" directive to my options file prevents this from happening
_most_ of the time by maintaing constant traffic through the gateway.  This
allows me to maintain the same masqueraded source port.  However, this still
doesn't work between reboots of my cipe conncted workstation.

I believe it should be possible to fix this by adding pings and a timout error
counter on the other end of the CIPE connection.

Any comments?


> King regards, 
>                                                                 --Robert
> V0jta
> -- 
>   Never test for an error condition you don't know how to handle. 
> --Steinbach

> ATTACHMENT part 2 application/pgp-signature 

Do You Yahoo!?
Make a great connection at Yahoo! Personals.

<< | Thread Index | >> ]    [ << | Date Index | >> ]