 From:  "Wilfred E. Savery" <wilfred dot savery at innovadotnet dot com>
 To:  "'Chris Buechler'" <cbuechler at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSEC Issues site-to-site ver 1.22
 Date:  Sun, 8 Jan 2006 18:47:42 -0600
Sorry I didn't get what you are trying to say.

You say that the IPSec configuration should be on the LAN interface and not
on the WAN????

And this will when pinging from the LAN to remote LAN?


-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: Monday, May 08, 2006 4:01 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] IPSEC Issues site-to-site ver 1.22

On 5/8/06, Don Munyak <don dot munyak at gmail dot com> wrote:
> First thing...I didn't mean to confuse anyone about ICMP ping and
> NAT-T. The point I was trying to make was "MY" inability to ping
> through an IPSEC tunnel, and yet still be able to connect remotely to
> the application server intended. I am under the impression you can't
> ping through an IPSEC tunnel...but I could be wrong.

You're right on the issue, wrong on the cause.  :)

The issue is, by default, pings get sourced from your WAN IP.  Your
WAN IP isn't going to traverse the VPN, hence the pings time out.  One
of the 1.2.x releases added an "interface" box on the ping page; if you
set the interface there to LAN, you can now ping over VPN.

As for the rest, it's way more than I have time to look at
immediately, maybe later tonight.

