To: VANHULLEBUS Yvan
Cc: freebsd-net@freebsd.org
Date: Wed, 23 Jun 2010 10:52:19 +0200
X-Sender: ralf@dzie-ciuch.pl
Subject: Re: vpn trouble
List-Id: Networking and TCP/IP with FreeBSD

> Looks like, but if you still can't ping, you still have an issue
> somewhere :-)
>
> First, check that you now have ESP packets going out from your IPsec
> gate when you try to ping.
>
> Then, usual issues at that step are:
>
> - something on the way blocks ESP packets. Solution may be to force
>   NAT-T (add "nat_traversal force;" line in remote section).
>
> - IPsec peer has some filtering rules/ACLs which block your traffic
>   after IPsec.
>
> - Peer does not have a default route, or something like that which
>   prevents it from replying to you.
>
> Anyways, the best tool now to see what happens is tcpdump.... on
> peer's side !!!!

When on one console I type tcpdump -i gif0, I don't receive any values!
So I think I should set a route to it, right? Can you tell me how to do it?

netstat -rn prints something like this:

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            78.x.x.x           UGS         3 49544466   bce1
10.10.1.90         10.20.0.1          UH       2238    13439   gif0

Is it OK? Or am I doing something wrong?

Ralf
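
The first check in the quoted reply (ESP leaving the gateway) and the failure causes listed after it can be read off a capture mechanically. The script below is an added example, not part of the original thread: it assumes `tcpdump -n` text output, and the function names, addresses, interface and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise ESP direction in tcpdump -n text.
# Live use on the gateway (interface and address are assumptions):
#   tcpdump -n -l -i bce1 'esp or udp port 4500' | esp_summary 192.0.2.1

esp_summary() {
    # $1 = public address of this gateway; capture lines arrive on stdin.
    awk -v me="$1" '
    # Drop the trailing ":" and, on NAT-T lines, the ".4500" port suffix.
    function host(a) { sub(/:$/, "", a); sub(/\.4500$/, "", a); return a }
    $2 == "IP" && /ESP\(spi=/ {
        if (host($3) == me) out++
        else if (host($5) == me) inb++
        if ($0 ~ /UDP-encap/) natt++
    }
    END {
        if (out + 0 == 0)      v = "no-esp-out"        # nothing leaves as ESP
        else if (inb + 0 == 0) v = "esp-out-no-reply"  # path block, peer filter or peer route
        else                   v = "esp-both-ways"     # tunnel passes; check rules after IPsec
        printf "out=%d in=%d natt=%d verdict=%s\n", out, inb, natt, v
    }'
}

# Constructed capture (documentation addresses): ESP goes out, nothing returns.
sample_one_way() {
    cat <<'EOF'
10:52:19.000001 IP 192.0.2.1 > 198.51.100.2: ESP(spi=0x0a1b2c3d,seq=0x1), length 116
10:52:20.000002 IP 192.0.2.1 > 198.51.100.2: ESP(spi=0x0a1b2c3d,seq=0x2), length 116
10:52:20.500000 IP 192.0.2.1.500 > 198.51.100.2.500: isakmp: phase 2/others I inf[E]
10:52:21.000003 IP 192.0.2.1 > 198.51.100.2: ESP(spi=0x0a1b2c3d,seq=0x3), length 116
EOF
}

# Constructed capture: NAT-T (UDP 4500) encapsulated ESP in both directions.
sample_natt() {
    cat <<'EOF'
10:52:19.000001 IP 192.0.2.1.4500 > 198.51.100.2.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x1), length 116
10:52:19.040000 IP 198.51.100.2.4500 > 192.0.2.1.4500: UDP-encap: ESP(spi=0x0e5f6a7b,seq=0x1), length 116
EOF
}

sample_one_way | esp_summary 192.0.2.1
sample_natt    | esp_summary 192.0.2.1
```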