<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: RE: pkcipe thru NAT?
From: "Bort, Paul" <pbort,AT,tmwsystems,DOT,com>
Date: Fri, 15 Mar 2002 16:56:46 +0100

IIRC, you need to tell A that D is at C's address, and tell C to forward
that port to D. On the flipside, you need to tell D that A is at B's
address, and put a rule in B to forward that port to A. 

I solved the problem here by running CIPE on the NAT firewalls, so it's just
another route. 

I think this is the same with cipe or pkcipe, it's a routing/NATing issue. 

Good Luck.

> -----Original Message-----
> From: Bill [mailto:bill,AT,sanac,DOT,net
> Sent: Friday, March 15, 2002 10:13 AM
> To: cipe-l,AT,inka,DOT,de
> Subject: pkcipe thru NAT?
> 
> 
> Hi all,
> 
> i'd very much like to use CIPE to VPN different networks, 
> most of them 
> connected to the internet thru dynamic IPs.  As I have one 
> system with a 
> static IP, I guess this can play the "hub" if necessary
> 
> my basic test setup is thus:
> 
> A (CIPE server) <--> B (NAT router) <--> C (NAT router) <--> 
> D (CIPE client)
>              <10.x.x.x>          <internet>         <192.168.x.x>
> 
> all systems are Debian/Linux
> 
> i'm using port 666 on A and D, with forwards on B and C
> 
> 
> so far pkcipe connects the two systems, but both send 
> encrypted UDP packets 
> to the other system's private address.  Browsing the doc, I see lots 
> concerning cipe-only setup, but pkcipe leaves me in the dark.
> 
> 
> any hint will be greatly appreciated...
> 
> -- 
> Billy Nadeau   -   bill,AT,sanac,DOT,net
> PGP Fingerprint 1702 404D 2F63 A799 B5A2  00A1 B362 C7BF 7325 8634
> 
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: 
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> 





<< | Thread Index | >> ]    [ << | Date Index | >> ]