RE: Request for help getting pkcipe configured correctly

[Evan Harris <eharris,AT,puremagic,DOT,com>]

The ping I was doing by hand (during testing), and I wasn't sure I should
use dynip since the ip address of the client in this particulare config
really doesn't change, only the source port, but I'll try it.

I think the root problem is making pkcipe on the server only setup ciped to
talk from a fixed port.  That way, when the client negotiates with pkcipe,
it would know to only talk to a particular port on the server, rather than a
random one, and thus allowed through the server's firewall.  This is
required since the firewall on the server side isn't under my control, and I
have to use an already allowed udp port (for security reasons, they won't
allow incoming udp:any->udp:any, though I can use udp:any->udp:fixed).

Thanks.

Evan

On Wed, 22 Jan 2003, Mark Smith wrote:

> My config looks like:
>
> -----BEGIN PUBLIC KEY-----
> <snip>
> -----END PUBLIC KEY-----
> ipaddr 10.0.0.12
> ptpaddr 192.168.0.1
> ping 10
> dynip
>
> which works fine from behind a firewall.  The IP address used by the
> 'client' pkcipe to connect to the 'server' pkcipe should be the same one
> that gets passed to ciped.  I couldn't quite understand from your message if
> it was the other end that was causing a problem - the IP address that the
> server sees the pkcipe packets coming from would be the one that was used
> for the remote end's ciped.  I might just be missing something, but could
> you give some more details?
>
> Regards,
>
> --
> Mark Smith - Avco Systems Ltd
> email: mark.smith,AT,avcosystems,DOT,co,DOT,uk
> Tel: +44 (0)1784 430996 Fax: +44 (0)1784 431078
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: 
><URL:http://sites.inka.de/~bigred/devel/cipe.html>
>