
Subject: RE: newbie in trouble with pkcipe on linux
From: "Mark Smith" <mark.smith,AT,avcosystems,DOT,co,DOT,uk>
Date: Fri, 13 Sep 2002 12:16:45 +0200
In-reply-to: <Pine.GSO.4.44.0209131254530.26184-100000@cs.uku.fi>

CIPE uses UDP, and if you're clever you can get the end behind the firewall
to send the first outbound packet, which should establish the connection
through your firewall.  This I believe is the recommended method of
operation for cases such as this - certainly it's what I use, and it appears
to work for me.  Your manual connection success also implies that this
works for you.  It's perhaps possible that the pkcipe-started tunnel doesn't
send the opening packet as expected, instead waiting for one, but this is
beyond my knowledge.

This is perhaps why the keepalive, ping and dynip options are relevant - try
putting at least "ping 10" and "dynip" in the pkcipe options on the end
behind the firewall, but I have to admit I only stumbled across these
settings, I can't say what your exact case will need.

Hope this helps,

--
Mark Smith - Avco Systems Ltd
email: mark.smith,AT,avcosystems,DOT,co,DOT,uk
Tel: +44 (0)1784 430996 Fax: +44 (0)1784 431078

> -----Original Message-----
> From: Mikko Pasanen [mailto:miapasan,AT,cs,DOT,uku,DOT,fi
> Sent: 13 September 2002 11:00
> To: Mark Smith
> Subject: RE: newbie in trouble with pkcipe on linux
>
>
>
> Are these ports udp or tcp ports? And on which side do they need
> to be open? There's filtering only inbound connections in the masqin
> firewall. Do I need to forward some more ports?
>
> On Fri, 13 Sep 2002, Mark Smith wrote:
>
> > I haven't had this personally, and I'm only guessing, but I'd say it's
> > probably saying that it can't pass traffic through to the remote end, which
> > we knew already.  Anyone else got a more informed answer?
> >
> > The options file(s) are going to be more help in trying to diagnose the
> > problem I think.  You mentioned that one end was behind a masquerading
> > firewall - is it possible that it's also a filtering firewall, and the
> > port(s) being chosen by pkcipe aren't getting through?  When you establish a
> > manual connection, you get to choose the ports, but with pkcipe, they're
> > chosen for you.  Mine have been in the region of 32770 to 32779, but since
> > I've not been filtering, this has been fine.  Will such ports get through
> > your configuration?
> >
> > --
> > Mark Smith - Avco Systems Ltd
> > email: mark.smith,AT,avcosystems,DOT,co,DOT,uk
> > Tel: +44 (0)1784 430996 Fax: +44 (0)1784 431078
> >
> >
>
>
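
Added example, not part of the original message and not CIPE or pkcipe code: a toy model of how a masquerading firewall tracks UDP, showing why the end behind the firewall has to send first and why a periodic ping keeps the path open. The 30-second idle timeout, the peer address and the port pair are assumptions chosen for illustration.

```python
# Toy model of UDP state tracking on a masquerading firewall (constructed example).
UDP_TIMEOUT = 30  # assumed idle timeout in seconds; real firewalls vary


class MasqFirewall:
    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.flows = {}  # (inside_port, peer_ip, peer_port) -> time last seen

    def outbound(self, now, flow):
        """A packet from the inside always passes and creates/refreshes state."""
        self.flows[flow] = now

    def inbound(self, now, flow):
        """A packet from outside passes only if it matches a live flow."""
        last = self.flows.get(flow)
        if last is None or now - last > self.timeout:
            self.flows.pop(flow, None)  # unknown or expired: drop
            return False
        self.flows[flow] = now  # traffic in either direction keeps state alive
        return True


def simulate(inside_opens, ping, peer_sends, horizon=200):
    """Return [(time, delivered)] for each packet the outside peer sends.

    inside_opens: the end behind the firewall sends the first packet at t=0
    ping:         keepalive interval in seconds from the inside end, or None
    peer_sends:   times at which the outside peer sends a packet
    """
    fw = MasqFirewall()
    flow = (32770, "203.0.113.10", 32771)  # constructed ports and address
    inside_times = {0} if inside_opens else set()
    if ping:
        inside_times.update(range(ping, horizon, ping))
    results = []
    for t in range(horizon):
        if t in inside_times:
            fw.outbound(t, flow)
        if t in peer_sends:
            results.append((t, fw.inbound(t, flow)))
    return results


if __name__ == "__main__":
    print(simulate(False, None, [1]))       # outside speaks first
    print(simulate(True, None, [1, 120]))   # opened from inside, then idle
    print(simulate(True, 10, [1, 120]))     # opened from inside, ping every 10 s
```

In the model, a tunnel opened from inside but left idle loses its firewall state, so the peer's later packet is dropped until the inside end sends again; the 10-second keepalive prevents that.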




