Subject: Request for help getting pkcipe configured correctly
From: Evan Harris <eharris,AT,puremagic,DOT,com>
Date: Wed, 22 Jan 2003 09:55:14 +0100

I have a configuration problem with pkcipe, hopefully someone here can tell
me the right way to do it.  (Using cipe 1.5.4)

How do you configure a client pkcipe to spawn ciped so it uses the proper
ip:port when connecting from behind a masquerading firewall to a specific
port on a server?

I have a cipe "server" with a static ip that is behind a firewall that only
allows inbound traffic to specific ports.  I have a client that is behind a
masquerading firewall.  I have generated keys and put ptpaddr and ipaddr
lines in the /etc/cipe/pk/<host> files.  I run "pkcipe -c server:pkcipe" and
the pkcipe portion appears to go smoothly.  But no communication on the
tunnel is successful.

Doing a packet dump, the server cipe process is trying to send its UDP
packets to the behind-the-masquerading-firewall IP address of the client,
which fails since that address is not reachable from the server.

And, when doing a ping from the client side, the generated UDP packets are
being sent to the right ip, but are sent using a random destination port,
and not the specific port that the server should be listening on (and that
would be allowed through the server's firewall).

I've tried adding me and peer lines in the pkcipe config files, but they
haven't seemed to help any.  I've tried using the -r option to pkcipe, and
pretty much everything else I can think of, but I haven't been able to get
it to work.

So I guess my key question is: how do you configure the inetd-spawned pkcipe
on the server to set up ciped to use a specific source/listen port for all
its comm?  I assume that pkcipe/ciped will be smart enough to change the
ips and ports it's trying to talk to/with if I can just figure out how to
get one packet through to the server on the right port.

Any help/examples/pointers to more info would be much appreciated.


