<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hi,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I’m trying to setup a net-net vpn with a friend. We
live in the same apartment complex and both have cable modems. We both have
Linux machines as our firewall/gateway. Mine is FC5 and his is Kubuntu.
Here’s the result of “ipsec auto –status”<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>[root@JMH-LINUX ~]# ipsec
auto --status<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 interface lo/lo ::1<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 interface lo/lo
127.0.0.1<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 interface lo/lo
127.0.0.1<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 interface eth0/eth0
68.63.78.164<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 interface eth0/eth0
68.63.78.164<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 interface eth1/eth1
192.168.1.1<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 interface eth1/eth1 192.168.1.1<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 %myid = (none)<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 debug none<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP encrypt:
id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP encrypt:
id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP encrypt:
id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP encrypt:
id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP encrypt:
id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP encrypt: id=252,
name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP encrypt:
id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP auth attr:
id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP auth attr:
id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP auth attr:
id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm ESP auth attr:
id=251, name=(null), keysizemin=0, keysizemax=0<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE encrypt:
id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE encrypt:
id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE hash:
id=1, name=OAKLEY_MD5, hashsize=16<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE hash:
id=2, name=OAKLEY_SHA1, hashsize=20<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE dh group:
id=2, name=OAKLEY_GROUP_MODP1024, bits=1024<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE dh group:
id=5, name=OAKLEY_GROUP_MODP1536, bits=1536<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE dh group:
id=14, name=OAKLEY_GROUP_MODP2048, bits=2048<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE dh group:
id=15, name=OAKLEY_GROUP_MODP3072, bits=3072<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE dh group:
id=16, name=OAKLEY_GROUP_MODP4096, bits=4096<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE dh group:
id=17, name=OAKLEY_GROUP_MODP6144, bits=6144<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 algorithm IKE dh group:
id=18, name=OAKLEY_GROUP_MODP8192, bits=8192<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 stats db_ops.c:
{curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 "net-to-net":
192.168.1.0/24===68.63.78.164---68.63.78.129...68.63.78.129---68.63.31.50===192.168.2.0/24;
erouted; eroute owner: #14<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000
"net-to-net": srcip=unset; dstip=unset;
srcup=ipsec _updown; dstup=ipsec _updown;<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000
"net-to-net": ike_life: 3600s; ipsec_life: 28800s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 "net-to-net":
policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000
"net-to-net": newest ISAKMP SA: #19; newest IPsec SA:
#14;<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000
"net-to-net": IKE algorithm newest:
3DES_CBC_192-MD5-MODP1536<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 #14:
"net-to-net":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 12481s; newest IPSEC; eroute owner<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 #14:
"net-to-net" esp.4df02447@68.63.31.50 esp.29f0933@68.63.78.164
tun.0@68.63.31.50 tun.0@68.63.78.164<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000 #19:
"net-to-net":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE
in 421s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>000<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'>[root@JMH-LINUX ~]#<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in'><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>It looks like the VPN is up, but we can’t ping
anything on the other side. We’ve both looked everywhere for something
that addresses this issue, but can’t find any help. Could you help us?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>James House<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
</div>
</body>
</html>