 From:  "Cory Strobel" <corys at medican dot com>
 To:  "Uroš Gruber" <uros dot gruber at vizija dot si>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSEC with FreeBSD
 Date:  Mon, 19 Sep 2005 14:39:46 -0600
That is a routing problem with IPSEC on the server. It is actually a problem with basically all
IPSEC servers that I have ever used. To verify this is the problem, try this:

On your BSD server, try:

ping -c 2 -S 192.168.0.1 <remote client IP>

This will ping the client from the local interface and should route the traffic to the remote
network.

You will need to tell your server how to get to the local network on the other side of the tunnel.
There are descriptions of how to do this, but basically you will need to tell your server how to get
to the remote local network. There is a fair amount of documentation on this, but I do not have a
system to give the exact routing to you, so unless someone else on this list has that information,
you will likely need to search the archives.

-Cory

-----Original Message-----

Sent: Monday, September 19, 2005 2:23 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] IPSEC with FreeBSD

Cory Strobel said the following on 17.9.2005 0:02:
> Still think the problem is the subnet masking. If the tunnel is being established (you said you
> can ping the two hosts) but nothing else, the problem is most likely with the masks you are using.
> 
> You are trying to access both LANs but you have this line:
> 
> sainfo address 10.0.0.0/8 any address 192.168.0.1/32 any {
> 
> It should be a 192.168.0.1/24 based on the other info you sent. Try resetting that and it should
> work.
> 

OK, I tried this and checked all the config, and it's set OK. And now I can connect from my local net
10.0.0.0/8 to the external server on 192.168.0.1.
But I can't from the server to my local net.

regards

Uros
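
Why the `ping -S 192.168.0.1` test and the /32 versus /24 mask both matter, as an added example that is not part of the original thread: it models the tunnel as a source/destination selector pair taken from the quoted sainfo line and classifies outbound packets against it. The assumptions are that the tunnel policy matches on those selectors and that the server picks its outside address as the default source; 10.0.0.5, 203.0.113.10 and 192.168.0.20 are constructed addresses.

```python
import ipaddress

# Selectors taken from the sainfo line quoted in the thread.
REMOTE_LAN = ipaddress.ip_network("10.0.0.0/8")
LOCAL_AS_POSTED = ipaddress.ip_network("192.168.0.1/32")
# Corrected mask from the thread; strict=False normalises 192.168.0.1/24
# to the network 192.168.0.0/24.
LOCAL_CORRECTED = ipaddress.ip_network("192.168.0.1/24", strict=False)


def classify(src, dst, local_sel, remote_sel=REMOTE_LAN):
    """Classify an outbound packet against one local/remote selector pair."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip not in remote_sel:
        return "not-for-remote-lan"
    if src_ip in local_sel:
        return "tunnel"
    # Headed for the remote LAN, but the source is outside the selector,
    # so the policy does not apply and the packet is not protected.
    return "outside-selector"


def report(cases, local_sel):
    """Return (label, verdict) pairs for a list of (label, src, dst) cases."""
    return [(label, classify(src, dst, local_sel)) for label, src, dst in cases]


# Constructed addresses: 10.0.0.5 stands in for the remote client,
# 203.0.113.10 for the server's outside interface, 192.168.0.20 for a LAN host.
CASES = [
    ("ping -S 192.168.0.1", "192.168.0.1", "10.0.0.5"),
    ("ping, default source", "203.0.113.10", "10.0.0.5"),
    ("LAN host behind server", "192.168.0.20", "10.0.0.5"),
]

if __name__ == "__main__":
    for name, sel in (("/32 as posted", LOCAL_AS_POSTED),
                      ("/24 corrected", LOCAL_CORRECTED)):
        print(name)
        for label, verdict in report(CASES, sel):
            print(f"  {label:24} -> {verdict}")
```
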
