 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0-m0n0 1.3b4 ipsec up but can't ping LAN
 Date:  Mon, 29 Oct 2007 21:39:56 -0400

On 10/29/07, Joe Commisso <jemc at twcny dot rr dot com> wrote:
> It acts the same with or without NAT Traversal.
>
> Could it be that there is something that is persistent that needs to be
> flushed?

No.


> I tried a reboot and still can't ping anything but the m0n0 nic.
>
> Strange that I don't get an SA until I ping through to the internal NIC
> of the other m0n0.
>

That's normal.

The config looks fine.

Is the LAN IP on the other side the default gateway for that network?
If not, you need a route on whatever their default gateway is,
pointing that subnet to the VPN endpoint's LAN IP. Otherwise the
traffic is getting there, getting replied to, but the replies go to
the default gateway for that network.

-Chris
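
The reply path described in the message above, modelled as an added example that is not part of the original message or of m0n0wall. All addresses and the names `reply_path`, `far_side`, `next_hop` are constructed for illustration, and the IPsec policy is simplified to a routing-table entry.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
NEAR_LAN = ipaddress.ip_network("192.168.1.0/24")  # LAN behind the near m0n0wall
FAR_M0N0 = "192.168.2.1"     # far m0n0wall's LAN IP (the VPN endpoint)
OTHER_GW = "192.168.2.254"   # a different router used as the far LAN's default gateway
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def next_hop(table, dst):
    """Longest-prefix match over a list of (network, next_hop) entries."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def reply_path(default_gw, routers, dst, max_hops=8):
    """Follow a far-LAN host's reply to dst from its default gateway onward."""
    path, hop = [default_gw], default_gw
    while hop in routers and len(path) < max_hops:
        hop = next_hop(routers[hop], dst)
        path.append(hop)
    return path

def far_side(static_route_on_gw):
    """Routing tables of the two far-side routers, keyed by their LAN IP."""
    gw_table = [(DEFAULT, "internet")]
    if static_route_on_gw:
        gw_table.append((NEAR_LAN, FAR_M0N0))  # the route Chris asks for
    # m0n0wall's IPsec policy is simplified here to a table entry for the near LAN.
    m0n0_table = [(DEFAULT, "internet"), (NEAR_LAN, "ipsec-tunnel")]
    return {OTHER_GW: gw_table, FAR_M0N0: m0n0_table}

if __name__ == "__main__":
    pinger = "192.168.1.10"  # constructed near-LAN host that sent the ping
    for label, gw, fixed in [
        ("m0n0wall is the default gateway", FAR_M0N0, False),
        ("other gateway, no static route", OTHER_GW, False),
        ("other gateway, static route added", OTHER_GW, True),
    ]:
        print(f"{label}: {' -> '.join(reply_path(gw, far_side(fixed), pinger))}")
```

In the middle case the echo request arrives through the tunnel and is answered, but the answer leaves via the other gateway's default route, which matches the symptom of an established SA with no ping replies from LAN hosts.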