Chris Buechler wrote:
> The config looks fine.
>
> Is the LAN IP on the other side the default gateway for that network?
>

It wasn't, but I now have my print server gateway set to the LAN IP of m0n0 and I can ping it from the other m0n0 internal nic! What I need to test now is telnet and I don't have a telnet client available to me from the other end while I am not there.

> If not, you need a route on whatever their default gateway is,
> pointing that subnet to the VPN endpoint's LAN IP. Otherwise the
> traffic is getting there, getting replied to, but the replies go to
> the default gateway for that network.
>
> -Chris
>

Can someone please help me with the route command? The other subnet has a gateway 192.168.5.1 and everything there has to use that. The gateway on the other end is redhat 7.3.

I tried adding a route such as:

route add -net 192.168.7.0 gw 192.168.5.245 netmask 255.255.255.0

My subnet here is 192.168.7.0

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.7.0     192.168.5.245   255.255.255.0   UG    0      0        0 eth1

But I still can't ping through to the other end. As I said above, I can ping from the other m0n0 to my print server here though so that tells me the VPN is up.

Can someone also please tell me if NAT-T is needed to be checked in the IPSEC page on both ends?

That's all.

Thanks,
Joe
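Added example, not part of the original message or of m0n0wall: a small longest-prefix route lookup that traces where a reply to the 192.168.7.0/24 subnet goes, with and without the static route described in the quoted advice. The addresses 192.168.5.1 and 192.168.5.245 are taken from the message; the `UPSTREAM` label, the host routing table and the destination 192.168.7.10 are constructed assumptions.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match. Returns the gateway for dst, or None if on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in table
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    # The most specific (longest) prefix wins over the default route.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

DEFAULT_GW = "192.168.5.1"      # default gateway of the remote LAN (from the message)
VPN_LAN_IP = "192.168.5.245"    # gateway used in the route command (from the message)

# Constructed table for an ordinary host on the remote LAN.
HOST = [("192.168.5.0/24", None), ("0.0.0.0/0", DEFAULT_GW)]

# Constructed tables for the default gateway itself. "UPSTREAM" is a
# placeholder for wherever its own default route points.
GW_WITHOUT_ROUTE = [("192.168.5.0/24", None), ("0.0.0.0/0", "UPSTREAM")]
GW_WITH_ROUTE = GW_WITHOUT_ROUTE + [("192.168.7.0/24", VPN_LAN_IP)]

def reply_path(host_table, gw_table, dst):
    """List the gateways a reply from a LAN host to dst is handed to."""
    hops = [next_hop(host_table, dst)]
    if hops[0] == DEFAULT_GW:
        # The default gateway now makes its own forwarding decision.
        hops.append(next_hop(gw_table, dst))
    return hops

if __name__ == "__main__":
    dst = "192.168.7.10"  # constructed address in the far subnet
    print("without route:", reply_path(HOST, GW_WITHOUT_ROUTE, dst))
    print("with route:   ", reply_path(HOST, GW_WITH_ROUTE, dst))
```
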