<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: pkcipe thru NAT?
From: Bill <bill,AT,sanac,DOT,net>
Date: Fri, 15 Mar 2002 17:30:43 +0100
In-reply-to: <C106BE84A6B5D411883300508B55B83A01558771@mail1.tmwsystems.com>

Thanks Paul,

I somehow tried that, but I'm lost as to where the configurations go...

I seem to have to put stuff in both the client's /etc/cipe/pk/serverA and the 
server's /etc/cipe/pk/clientD or the client's ciped won't start.  both 
/etc/cipe/peer/* don't seem to be read when pkcipe is run.  The options file 
don't make sense since i want to run many connections with different 
addresses.

finally, which may be the funniest part, since routerC's address is dynamic, 
I can't reliably store it in a configuration file...

On Friday 15 March 2002 10:47, Bort, Paul wrote:
> IIRC, you need to tell A that D is at C's address, and tell C to forward
> that port to D. On the flipside, you need to tell D that A is at B's
> address, and put a rule in B to forward that port to A.
>
> I solved the problem here by running CIPE on the NAT firewalls, so it's
> just another route.
>
> I think this is the same with cipe or pkcipe, it's a routing/NATing issue.
>
> Good Luck.
>
> >
> > Hi all,
> >
> > i'd very much like to use CIPE to VPN different networks,
> > most of them
> > connected to the internet thru dynamic IPs.  As I have one
> > system with a
> > static IP, I guess this can play the "hub" if necessary
> >
> > my basic test setup is thus:
> >
> > A (CIPE server) <--> B (NAT router) <--> C (NAT router) <-->
> > D (CIPE client)
> >              <10.x.x.x>          <internet>         <192.168.x.x>
> >
> > all systems are Debian/Linux
> >
> > i'm using port 666 on A and D, with forwards on B and C
> >
> >
> > so far pkcipe connects the two systems, but both send
> > encrypted UDP packets
> > to the other system's private address.  Browsing the doc, I see lots
> > concerning cipe-only setup, but pkcipe leaves me in the dark.
> >
> >
> > any hint will be greatly appreciated...
> >

-- 
Billy Nadeau   -   bill,AT,sanac,DOT,net
PGP Fingerprint 1702 404D 2F63 A799 B5A2  00A1 B362 C7BF 7325 8634





<< | Thread Index | >> ]    [ << | Date Index | >> ]