Mark Smith <mark.smith,AT,avcosystems,DOT,co,DOT,uk>|
Re: pkcipe and NAT|
Fri, 08 Aug 2003 18:19:22 +0200|
"Cipe list (E-mail)" <cipe-l,AT,inka,DOT,de>|
Thank you for your response. The problem is that pkcipe miskonfigured
cipe interface on comp A (that with real IP), and set the peer option to
192.168.0.2 (it's the address of computer behind NAT). So returning
packets can't come back to NAT router. This behavior could be expected,
as it is written in documentation of pkcipe. This should be corrected
after receiving by compA valid packet from compB (after setting ping
option on compB).
Unfortunatelly it didn't happens, and cipe interface on compA stays
misconfigured. Of course keep-alive pings from compA travels and are
correctly received by compB as I noticed using tcpdump.
I don't know if this is a bug in ciped-cb or bug in my configuration.
In key file on compA I append following options:
As for the 'ping' option, you simply need to specify the word 'ping'
at the bottom of the config file on the NAT end to maintain traffic
and thus a working tunnel.
I do it, but it doesn't work.
I have read almost all messages on this group, but I didn't find any
solution. I've posted my problem, so when I finally solve it (I hope
so), I will post the solution.
If you need further help, please consider joining and mailing the list
as there are many people who have almost certainly done exactly what
you are trying to do, and with further information about your
configuration could almost certainly advise you as to what's wrong.
My cipe version is 1.5.4 if it matters.