>> Well, since A is behind NAT, B can't reach it, but A can reach B
>> without a problem.
>
>Hum, it's a bit harder then, and you won't be able to use gif.
>You'll need to have A establish a TCP connection with B, and have your tunnel
>run on top of that (with ppp for example).

doing tcp inside tcp is usually a bad idea.  are there any user-space
tunneling alternatives that use udp?  udp can (usually) pass in and
out of nat devices perfectly well, even if the timers are usually a
little shorter.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."