On 5/8/06, Don Munyak <don dot munyak at gmail dot com> wrote:
>
> First thing...I didn't mean to confuse anyone about ICMP ping and
> NAT-T. The point I was trying to make was "MY" inability to ping
> through an IPSEC tunnel, and yet still be able to connect remotely to
> the application server intended. I am under the impression you can't
> ping through an IPSEC tunnel...but I could be wrong.
>
You're right on the issue, wrong on the cause. :)
The issue is, by default, pings get sourced from your WAN IP. Your
WAN IP isn't going to traverse the VPN, hence the pings time out. One
of the 1.2.x releases added an "interface" box on the ping page; if you
set the interface there to LAN, you can now ping over VPN.
As for the rest, it's way more than I have time to look at
immediately, maybe later tonight.
-Chris