RE: pkcipe and NAT

[Mark Smith <mark.smith,AT,avcosystems,DOT,co,DOT,uk>]

The configuration parameters are important with pkcipe, just as they are 
with a static tunnel.  If you compare the pkcipe generated options file 
with your static one, you should see the IP addresses that it has picked. 
 If they are wrong, you can override them.

As for the 'ping' option, you simply need to specify the word 'ping' at the 
bottom of the config file on the NAT end to maintain traffic and thus a 
working tunnel.

If you need further help, please consider joining and mailing the list as 
there are many people who have almost certainly done exactly what you are 
trying to do, and with further information about your configuration could 
almost certainly advise you as to what's wrong.

Hope this helps,

--
Mark Smith - Avco Systems Ltd
email: mark.smith,AT,avcosystems,DOT,co,DOT,uk
Tel: +44 (0)1784 430996 Fax: +44 (0)1784 431078

-----Original Message-----
From: Tomasz Francuz [mailto:tfrancuz,AT,mp,DOT,pl
Sent: 08 August 2003 16:33
To: mark.smith,AT,avcosystems,DOT,co,DOT,uk
Subject: pkcipe and NAT

Hello!
I just find your discussion about pkcipe dated september 2002.
I have the same problem. Two computers, one with real IP (compA), and
second behind NAT (compB).
I'm trying to use pkcipe, on both sides connection is established (e.g.
cipcb0 interfaces are going up), but I can't send anything through cipe
tunnell.
I noticed that packets from nated computer (compA) are transported
correctly to compB, but responses from compB are not sended.
pkcipe misconfigured the connection, and configure cipe on compA with
peer=private IP of comp B, not IP of NAT machine.
That is the problem.
In cipe documentation there is a sugestion that ping command in options
on compB solves the problem. But unfortunatelly it doesn't  work for me.
Do you know how to solve my problem ?
Sincerely yours,
Tomasz Francuz.