I have been able to get an IPSec tunnel semi-working with m0n0 and SSH
Sentinel 1.3.2.2. I can get through phase 1 and phase 2, get a tunnel
up and running but once the tunnel is up, I am unable to do the
following:
1. Ping any hosts on the LAN except the IP assigned to m0n0's LAN
interface
-- If I manually specify my own virtual IP addr for the IPSec
tunnel (an unused IP in my public /29 network), I can only
ping the m0n0's LAN IP and no other LAN IP addrs. Looking
at the ARP cache on any of the LAN hosts, the arp entry for
the static IP is shown as (incomplete).
19:46:28.565531 IPSec.client.virtualip > Local.lan.ip: icmp: echo request (ttl 127, id 18309, len 60)
19:46:28.565649 arp who-has IPSec.client.virtualip tell Local.lan.ip
IPSec.client.virtualip (aaa.bbb.ccc.ddd) at (incomplete) on fxp0 [ethernet]
I am very new to IPSec, but to me it looks like the m0n0 is
just not arping for this virtual IP. Should I expect it to?
2. Get DHCP over IPSec to work. (I am sure that #1 needs to be hammered
out before I can proceed trying to do this)
-- The SSH Sentinel logs show the dhcp broadcast being sent
across the tunnel, but tcpdump never shows that being sent
through to the LAN. (The DHCP server is _not_ on the m0n0).
What am I missing?
--
Arnold Cavazos, Jr. abcjr at abcjr . net |
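The symptom in the capture above is an ARP who-has for the virtual IP that never gets an is-at reply. The script below, an added example that is not part of the original post, pairs ARP requests with replies in a saved tcpdump text capture (classic "arp who-has / arp reply ... is-at" format) and reports the targets that stayed unanswered, so the check can be run against a capture from the LAN side of the gateway. The addresses and capture lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture lines modelled on the post's symptom; hypothetical addresses.
SAMPLE_CAPTURE = """\
19:46:28.565531 IP 192.0.2.10 > 192.0.2.1: icmp: echo request (ttl 127, id 18309, len 60)
19:46:28.565649 arp who-has 192.0.2.10 tell 192.0.2.1
19:46:29.565700 arp who-has 192.0.2.10 tell 192.0.2.1
19:46:29.600000 arp who-has 192.0.2.20 tell 192.0.2.1
19:46:29.600120 arp reply 192.0.2.20 is-at 00:11:22:33:44:55
"""

WHO_HAS = re.compile(r"^(\S+) arp who-has (\S+) tell (\S+)")
IS_AT = re.compile(r"^(\S+) arp reply (\S+) is-at (\S+)")


def _secs(ts: str) -> float:
    """Convert a tcpdump HH:MM:SS.ffffff timestamp to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def unanswered_arp(capture: str, reply_window: float = 1.0) -> dict:
    """Return {target_ip: count} for ARP requests that received no is-at reply
    within reply_window seconds. A target whose requests are all answered is
    not reported; a target that is never answered (the post's '(incomplete)'
    entry) shows up with the number of requests that went unanswered."""
    pending = defaultdict(list)  # target ip -> request times still unanswered
    for line in capture.splitlines():
        m = WHO_HAS.match(line)
        if m:
            pending[m.group(2)].append(_secs(m.group(1)))
            continue
        m = IS_AT.match(line)
        if m:
            t, ip = _secs(m.group(1)), m.group(2)
            # A reply settles every outstanding request for that IP inside the window.
            pending[ip] = [r for r in pending[ip] if t - r > reply_window]
    return {ip: len(reqs) for ip, reqs in pending.items() if reqs}


if __name__ == "__main__":
    for ip, n in unanswered_arp(SAMPLE_CAPTURE).items():
        print(f"{ip}: {n} ARP request(s) never answered")
```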