[Openswan Users]
Re: [Users] can't ping from subnet to subnet (isakmpd===ipsec, with
PSK's)
Sam Sgro
sam at freeswan.org
Tue Jan 27 12:45:36 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Tuesday 27 January 2004 03:32, foren titze wrote:
> i have an connection between established, so that IPsec SA established on
> the ipsec side emerges. but i can't ping in the subnets behind the
> gateways.
Your FreeS/WAN config looks fine. I'd start to suspect the isakmpd box, mostly
because I'm not as familiar with its method of configuration. Collect some
evidence; use tcpdump on the external interface, and observe a ping from a
machine on one subnet to the other. Does the FS box emit ESP packets? Do you
receive replies?
Although you don't have a remote-net kernel route on the isakmpd box, it may
be fine (as its default route should ensure reply packets hit the external
interface).
- --
Sam Sgro
sam at freeswan.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iQCVAwUBQBajwEOSC4btEQUtAQHTOgQAqwedLMF3PvG1h272OYmAtChZGwNuEKt4
3HFcR0ok4g8dRsI3qPaOqoYBTwcCvSXKSGbzbZVnUXQx9HGosCV34EGxD6lCcNwv
w/UALUgz/gJbNsW/eTDxRV3oQI2RjTQQ5fuD4y4RY1gkOklVJIRRaSNL0bt4e6Of
60WKCcXCUkA=
=3ZSx
-----END PGP SIGNATURE-----
More information about the Users
mailing list