<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: Mark Smith <mark.smith,AT,avcosystems,DOT,co,DOT,uk>
Subject: Re: pkcipe and NAT
From: "T.M.F." <tmf,AT,wizzard,DOT,one,DOT,pl>
Date: Fri, 08 Aug 2003 18:19:22 +0200
Cc: "Cipe list (E-mail)" <cipe-l,AT,inka,DOT,de>
In-reply-to: <01C35DCD.DDD37ED0.mark.smith@avcosystems.co.uk>
References: <01C35DCD.DDD37ED0.mark.smith@avcosystems.co.uk>

Thank you for your response. The problem is that pkcipe miskonfigured cipe interface on comp A (that with real IP), and set the peer option to 192.168.0.2 (it's the address of computer behind NAT). So returning packets can't come back to NAT router. This behavior could be expected, as it is written in documentation of pkcipe. This should be corrected after receiving by compA valid packet from compB (after setting ping option on compB).
Unfortunatelly it didn't happens, and cipe interface on compA stays misconfigured. Of course keep-alive pings from compA travels and are correctly received by compB as I noticed using tcpdump.
I don't know if this is a bug in ciped-cb or bug in my configuration.
In key file on compA I append following options:
ipaddr=192.168.5.1
ptpaddr=192.168.5.2
maxerr=-1


on compB:
ipaddr=192.168.5.1
ipaddr=192.168.5.2
ping 10
maxerr=-1

As for the 'ping' option, you simply need to specify the word 'ping' at the bottom of the config file on the NAT end to maintain traffic and thus a working tunnel.


I do it, but it doesn't work.



If you need further help, please consider joining and mailing the list as there are many people who have almost certainly done exactly what you are trying to do, and with further information about your configuration could almost certainly advise you as to what's wrong.




I have read almost all messages on this group, but I didn't find any solution. I've posted my problem, so when I finally solve it (I hope so), I will post the solution.
My cipe version is 1.5.4 if it matters.



<< | Thread Index | >> ]    [ << | Date Index | >> ]