From: Jigar SOLANKI
To: Gergely CZUCZY
Cc: freebsd-net@freebsd.org
Date: Thu, 16 Jul 2009 02:57:43 +0200
Subject: Re: IPsec tunnel help
Message-ID: <52bc9f190907151757w313175acxa40d4eae656a8345@mail.gmail.com>
In-Reply-To: <20090715181703.00006c68@unknown>

Hi,

I think that you can't see any outgoing traffic because there is no SPD rule that matches any outgoing traffic (from site A, i.e. your FreeBSD box): this just comes from your second SPD rule, where "in" should be "out".

Try to replace the second rule:

    spdadd 192.168.0.0/24 192.168.1.64/32 any -P in ipsec esp/tunnel/217.150.138.138-217.150.130.163/unique;

with:

    spdadd 192.168.0.0/24 192.168.1.64/32 any -P out ipsec esp/tunnel/217.150.138.138-217.150.130.163/unique;

Hope this helps. :-)

Regards,
-- 
SOLANKI Jigar
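
An added example, not part of the original message: a small Python check that parses setkey spdadd tunnel policies and flags any policy with no mirrored policy in the other direction, which is the mistake described above. The function names are hypothetical, and FIRST_RULE is constructed, because the original poster's first rule is not quoted in this message.

```python
import re
from collections import defaultdict

# spdadd SRC DST PROTO -P DIR ipsec (esp|ah)/tunnel/GW_SRC-GW_DST/LEVEL;
SPD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"(?:esp|ah)/tunnel/([0-9a-fA-F.:]+)-([0-9a-fA-F.:]+)/\w+\s*;"
)

# Constructed sample: FIRST_RULE is an assumed inbound policy (not from the
# message); SECOND_RULE is the rule quoted in the message, direction left open.
FIRST_RULE = ("spdadd 192.168.1.64/32 192.168.0.0/24 any -P in ipsec "
              "esp/tunnel/217.150.130.163-217.150.138.138/unique;")
SECOND_RULE = ("spdadd 192.168.0.0/24 192.168.1.64/32 any -P {} ipsec "
               "esp/tunnel/217.150.138.138-217.150.130.163/unique;")
BROKEN = FIRST_RULE + "\n" + SECOND_RULE.format("in")
FIXED = FIRST_RULE + "\n" + SECOND_RULE.format("out")


def parse_spd(text):
    """Return (src, dst, direction, gw_src, gw_dst) for each tunnel policy."""
    return [m.groups() for m in SPD_RE.finditer(text)]


def lint_spd(text):
    """List tunnel policies that lack a mirrored policy in the other direction."""
    by_dir = defaultdict(set)
    rules = parse_spd(text)
    for src, dst, direction, gw_src, gw_dst in rules:
        by_dir[direction].add((src, dst, gw_src, gw_dst))
    problems = []
    for direction, other in (("out", "in"), ("in", "out")):
        for src, dst, gw_src, gw_dst in sorted(by_dir[direction]):
            # The mirror swaps both the selectors and the tunnel endpoints.
            if (dst, src, gw_dst, gw_src) not in by_dir[other]:
                problems.append(
                    f"{direction} policy {src} -> {dst} has no mirrored {other} policy")
    if rules and not by_dir["out"]:
        problems.append("no 'out' policy: outgoing traffic is never sent into the tunnel")
    return problems


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_spd(conf) or "OK")
```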