From owner-freebsd-net Fri Jun 22 13:42:47 2001 Delivered-To: freebsd-net@freebsd.org Received: from mail.datausa.com (mail.datausa.com [207.174.131.1]) by hub.freebsd.org (Postfix) with ESMTP id 6A24A37B401; Fri, 22 Jun 2001 13:42:42 -0700 (PDT) (envelope-from brad@wcubed.net) Received: from localhost (brad@localhost) by mail.datausa.com (8.9.3/8.9.1) with ESMTP id OAA13474; Fri, 22 Jun 2001 14:35:16 -0600 (MDT) Date: Fri, 22 Jun 2001 14:35:16 -0600 (MDT) From: Brad Waite X-Sender: brad@mail.datausa.com To: Shoichi Sakane Cc: freebsd-net@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: Problems with IPsec tunnel In-Reply-To: <20010622210338P.sakane@kame.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Soichi, Thanks for the response. As it turns out, the problem my own stupidity - I forgot to turn on IP forwarding on one of the gateways. sysctl -w net.inet.ip.forwarding=1 fixed things right up. :) And since you're coming from KAME, maybe you can answer something else for me. Can you tell me if I will run into any problems running NAT on my gateways? Thanks, Brad On Fri, 22 Jun 2001, Shoichi Sakane wrote: > > I'm having quite the time trying to set up a IPsec tunnel on 4.3-RELEASE. > > Host-to-host IPsec works fine - I can make connections all day long between my > > two gateways. But for the life of me, I can't get my windows boxen on each end > > to talk to the other. I've got identical psk.txt files (rw-------) on both > > gateways, but 10.0.1.2 can't ping 10.0.0.2 to save its life. I've told the PCs > > on each end to route the other's traffic through the near gate's inside addr, > > and still no go. IP forwarding is turned on and NAT is off on both gates as > > well as an "OPEN" fw ruleset. I've gone through the couple of HOW-TOs on the > > net, but while I understand exactly what they're saying, and I repeat the > > process, I can't get it working. > > Did you see any message on your gateways or your hosts ? > I think debugging message of raccoon and system messages could be help you. > and tcpdump also can be help to know what happened your network. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message