From owner-freebsd-net  Mon Jul 15  0:54:38 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8064F37B84F
	for <freebsd-net@FreeBSD.ORG>; Mon, 15 Jul 2002 00:54:29 -0700 (PDT)
Received: from papa.tanu.org (kame195.kame.net [203.178.141.195])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1C90443E3B
	for <freebsd-net@FreeBSD.ORG>; Mon, 15 Jul 2002 00:53:05 -0700 (PDT)
	(envelope-from sakane@kame.net)
Received: from localhost ([2001:218:1e1f:40:260:1dff:fe21:f766])
	by papa.tanu.org (8.11.6/8.11.6) with ESMTP id g6F7upn80384;
	Mon, 15 Jul 2002 16:56:53 +0900 (JST)
	(envelope-from sakane@kame.net)
To: vulture@consult-scs.com
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: IPSEC Tunnel
In-Reply-To: Your message of "Tue, 09 Jul 2002 22:07:40 -0700"
	<3D2BC11C.2000508@consult-scs.com>
References: <3D2BC11C.2000508@consult-scs.com>
X-Mailer: Cue version 0.6 (020620-1817/sakane)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Message-Id: <20020715165303Y.sakane@kame.net>
Date: Mon, 15 Jul 2002 16:53:03 +0900
From: Shoichi Sakane <sakane@kame.net>
X-Dispatcher: imput version 20000228(IM140)
Lines: 16
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

> Is it not possible to have the internal ip addresses of the tunnel 
> machines talk with other internal addresses on the other side of the tunnel?
> Example Set Up:
> Packets from say 192.168.0.2 to 192.168.1.1 and back
> (192.168.0.0/24 Lan)-(192.168.0.1 Internal)->(200.0.0.1 
> Interface)===IPSEC TUNNEL===(200.0.0.2 Inteface)<-(192.168.1.1 
> Internal)-(192.168.0.1/24 Lan)
> 
> I can see the packets from 192.168.0.2->192.168.1.1 under tcpdump of 
> 200.0.0.2 as a (ipip) Packet from 200.0.0.1->200.0.0.2 having 
> 192.168.0.2->192.168.1.1 listed but the packet just seems to disappear 
> after that. It does not show up under lo0 or the internal interface.

because the network behind the gateway 200.0.0.2 is 192.168.0.1/24
as you descirbed.  any packet to 192.168.1.1 can not be routed by
200.0.0.2.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message