Subject: PKCIPE + Masquerading => Timeout
From: Veros Kaplan <veros-cipe,AT,tac,DOT,cz>
Date: Mon, 25 Mar 2002 18:49:06 +0100


I've tried to set up VPN using CIPE from masqueraded network to another 

The topology is:

  network1 === CIPE1 ===  firewall --- Internet --- CIPE2 == network

There is PKCIPE listener on CIPE2 (using tcpserver)
I'm connecting from CIPE1 by calling pkcipe 
# pkcipe -c cipe2:pkcipe cipe1 

Both PKCIPEs gets connected, the interface cipcb0 successfully starts. After
some time (ten minutes?) pkcipe on CIPE1 writes "Timeout" and dies (errorlevel
3). The cipcb0 interface is still alive and I can use it (for some time).

netstat says that pkcipe TCP socket on CIPE2 is in CLOSE_WAIT state. I feel it
is strange but I can be wrong.

Masquerading timeouts on masquerading firewalls are set to 600 10 90 (TCP
TCP+FIN UDP/ICMP). CIPE ping is set (at least on CIPE1) to 30seconds.
CIPE version is 1.5.2

I searched cipe-l archives from Google and I haven't found anything. Can
somebody help me? Thank in advance

--V&ecaron;ro&scaron; Kaplan

