RE: pkcipe thru NAT?
"Bort, Paul" <pbort,AT,tmwsystems,DOT,com>
Fri, 15 Mar 2002 16:56:46 +0100
IIRC, you need to tell A that D is at C's address, and tell C to forward
that port to D. On the flipside, you need to tell D that A is at B's
address, and put a rule in B to forward that port to A.
I solved the problem here by running CIPE on the NAT firewalls, so it's just
I think this is the same with cipe or pkcipe, it's a routing/NATing issue.
> -----Original Message-----
> From: Bill [mailto:bill,AT,sanac,DOT,net]
> Sent: Friday, March 15, 2002 10:13 AM
> To: cipe-l,AT,inka,DOT,de
> Subject: pkcipe thru NAT?
> Hi all,
> I'd very much like to use CIPE to VPN different networks, most of them
> connected to the internet thru dynamic IPs. As I have one system with a
> static IP, I guess this can play the "hub" if necessary.
> My basic test setup is thus:
> A (CIPE server) <--> B (NAT router) <--> C (NAT router) <--> D (CIPE client)
>       <10.x.x.x>            <internet>          <192.168.x.x>
> All systems are Debian/Linux.
> I'm using port 666 on A and D, with forwards on B and C.
> So far pkcipe connects the two systems, but both send encrypted UDP packets
> to the other system's private address. Browsing the doc, I see lots
> concerning cipe-only setup, but pkcipe leaves me in the dark.
> Any hint will be greatly appreciated...
> Billy Nadeau - bill,AT,sanac,DOT,net
> PGP Fingerprint 1702 404D 2F63 A799 B5A2 00A1 B362 C7BF 7325 8634
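Added example, not part of either message and not CIPE project code: a shell script that prints the four settings the reply describes (the `me`/`peer` carrier addresses for A and D, and the UDP forward on B and C) and refuses a peer address in private space, which is the symptom reported in the original post. All addresses and the `eth0` WAN interface name are constructed placeholders, and using iptables DNAT for the forwards is an assumption; only port 666 comes from the thread.

```shell
#!/bin/sh
# Constructed placeholder values (RFC 1918 / RFC 5737); only the port is from the thread.
PORT=666               # UDP port used on A and D in the original post
WAN_IF=eth0            # assumed internet-facing interface on B and C
A_LAN=10.0.0.2         # A's private address behind B
B_WAN=203.0.113.1      # B's public address
C_WAN=198.51.100.1     # C's public address
D_LAN=192.168.1.2      # D's private address behind C

# Succeeds if $1 is an RFC 1918 address, i.e. not reachable across the internet.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the CIPE me/peer carrier lines for one end of the tunnel.
# $1 = this host's own address, $2 = address the other end is reached at.
cipe_endpoint() {
    if is_private "$2"; then
        echo "error: peer $2 is private; use the far NAT router's public address" >&2
        return 1
    fi
    printf 'me %s:%s\npeer %s:%s\n' "$1" "$PORT" "$2" "$PORT"
}

# Print the rule a NAT router needs to pass the tunnel port to its inside host.
# $1 = WAN interface, $2 = inside CIPE host.
dnat_rule() {
    printf 'iptables -t nat -A PREROUTING -i %s -p udp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$1" "$PORT" "$2" "$PORT"
}

# The four steps from the reply, in order.
show_all() {
    echo "# A: D is at C's address";   cipe_endpoint "$A_LAN" "$C_WAN"
    echo "# C: forward the port to D"; dnat_rule "$WAN_IF" "$D_LAN"
    echo "# D: A is at B's address";   cipe_endpoint "$D_LAN" "$B_WAN"
    echo "# B: forward the port to A"; dnat_rule "$WAN_IF" "$A_LAN"
}

show_all
```

The script only prints text; nothing is applied to the running firewall or to any CIPE configuration.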