Re: Re: [m0n0wall] m0n0-m0n0 1.3b4 ipsec up but can't ping LAN

From:	"Chris Buechler" <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: Re: [m0n0wall] m0n0-m0n0 1.3b4 ipsec up but can't ping LAN
Date:	Thu, 1 Nov 2007 22:46:11 -0400

On 11/1/07, Joe Commisso <jemc at twcny dot rr dot com> wrote:
>
> Can someone please help me with the route command?
> The other subnet has a gateway 192.168.5.1 and everything there has to
> use that.
> The gateway on the other end is redhat 7.3. I tried adding a route such as:
> route add -net 192.168.7.0 gw 192.168.5.245 netmask 255.255.255.0
>
> My subnet here is 192.168.7.0
>
> # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> 192.168.7.0     192.168.5.245   255.255.255.0   UG    0      0        0 eth1
>
> But I still can't ping through to the other end.


It's been a LONG time since I've used Red Hat, but at a glance that
looks OK. Hopefully somebody that's used RH more recently, or has a
better memory of it than I do will comment. Maybe you have firewall
rules or something that's not allowing the traffic?



> As I said above, I can ping from the other m0n0 to my print server here
> though so that tells me the VPN is up.
>

yeah, definitely a route issue.

> Can someone also please tell me if NAT-T is needed to be checked in the
> IPSEC page on both ends?
>

No, don't check it.

-Chris