Thanks Paul,
I somehow tried that, but I'm lost as to where the configurations go...
I seem to have to put stuff in both the client's /etc/cipe/pk/serverA and the
server's /etc/cipe/pk/clientD or the client's ciped won't start. Both
/etc/cipe/peer/* don't seem to be read when pkcipe is run. The options file
doesn't make sense since I want to run many connections with different
addresses.
Finally, which may be the funniest part, since routerC's address is dynamic,
I can't reliably store it in a configuration file...
On Friday 15 March 2002 10:47, Bort, Paul wrote:
> IIRC, you need to tell A that D is at C's address, and tell C to forward
> that port to D. On the flipside, you need to tell D that A is at B's
> address, and put a rule in B to forward that port to A.
>
> I solved the problem here by running CIPE on the NAT firewalls, so it's
> just another route.
>
> I think this is the same with cipe or pkcipe, it's a routing/NATing issue.
>
> Good Luck.
>
> >
> > Hi all,
> >
> > I'd very much like to use CIPE to VPN different networks, most of them
> > connected to the internet thru dynamic IPs. As I have one system with a
> > static IP, I guess this can play the "hub" if necessary.
> >
> > My basic test setup is thus:
> >
> > A (CIPE server) <--> B (NAT router) <--> C (NAT router) <--> D (CIPE client)
> > <10.x.x.x> <internet> <192.168.x.x>
> >
> > All systems are Debian/Linux.
> >
> > I'm using port 666 on A and D, with forwards on B and C.
> >
> >
> > So far pkcipe connects the two systems, but both send encrypted UDP packets
> > to the other system's private address. Browsing the doc, I see lots
> > concerning cipe-only setup, but pkcipe leaves me in the dark.
> >
> >
> > Any hint will be greatly appreciated...
> >
--
Billy Nadeau - bill,AT,sanac,DOT,net
PGP Fingerprint 1702 404D 2F63 A799 B5A2 00A1 B362 C7BF 7325 8634