[ previous ] [ next ] [ threads ]
 From:  Joe Commisso <jemc at twcny dot rr dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Re: [m0n0wall] m0n0-m0n0 1.3b4 ipsec up but can't ping LAN
 Date:  Thu, 01 Nov 2007 22:42:56 -0400
Chris Buechler wrote:
> The config looks fine.
> Is the LAN IP on the other side the default gateway for that network?
It wasn't, but I now have my print server gateway set to the LAN IP of 
m0n0 and I can ping it from the other m0n0 internal nic!
What I need to test now is telnet and I don't have a telnet client 
available to me from the other end while I am not there.
> If not, you need a route on whatever their default gateway is,
> pointing that subnet to the VPN endpoint's LAN IP. Otherwise the
> traffic is getting there, getting replied to, but the replies go to
> the default gateway for that network.
> -Chris
Can someone please help me with the route command?
The other subnet has a gateway and everything there has to 
use that.
The gateway on the other end is redhat 7.3. I tried adding a route such as:
route add -net gw netmask

My subnet here is

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use 
Iface   UG    0      0        0 eth1

But I still can't ping through to the other end.
As I said above, I can ping from the other m0n0 to my print server here 
though so that tells me the VPN is up.

Can someone also please tell me if NAT-T is needed to be checked in the 
IPSEC page on both ends?

That's all. Thanks,