RE: Request for help getting pkcipe configured correctly|
Evan Harris <eharris,AT,puremagic,DOT,com>|
Wed, 22 Jan 2003 15:11:55 +0100|
The ping I was doing by hand (during testing), and I wasn't sure I should
use dynip since the ip address of the client in this particulare config
really doesn't change, only the source port, but I'll try it.
I think the root problem is making pkcipe on the server only setup ciped to
talk from a fixed port. That way, when the client negotiates with pkcipe,
it would know to only talk to a particular port on the server, rather than a
random one, and thus allowed through the server's firewall. This is
required since the firewall on the server side isn't under my control, and I
have to use an already allowed udp port (for security reasons, they won't
allow incoming udp:any->udp:any, though I can use udp:any->udp:fixed).
On Wed, 22 Jan 2003, Mark Smith wrote:
> My config looks like:
> -----BEGIN PUBLIC KEY-----
> -----END PUBLIC KEY-----
> ipaddr 10.0.0.12
> ptpaddr 192.168.0.1
> ping 10
> which works fine from behind a firewall. The IP address used by the
> 'client' pkcipe to connect to the 'server' pkcipe should be the same one
> that gets passed to ciped. I couldn't quite understand from your message if
> it was the other end that was causing a problem - the IP address that the
> server sees the pkcipe packets coming from would be the one that was used
> for the remote end's ciped. I might just be missing something, but could
> you give some more details?
> Mark Smith - Avco Systems Ltd
> email: mark.smith,AT,avcosystems,DOT,co,DOT,uk
> Tel: +44 (0)1784 430996 Fax: +44 (0)1784 431078
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: