Date: Sun, 19 Aug 2001 20:08:34 +0400
From: "Alex S. Burba" <burba@okbmei.msk.su>
To: Travis Leuthauser <lists-freebsd-net@crimsonwasteland.com>
Cc: freebsd-net@freebsd.org
Subject: Re: IPSec VPN tunnel question
Message-ID: <3B7FE482.FA1F2E8D@okbmei.msk.su>
References: <OLEPKBMLIHCGDKLGKPJGMEIADNAA.lists-freebsd-net@crimsonwasteland.com>

> What do you mean by "what ping/traceroute keys"?

As I can see, your SPD says that packets ONLY from 172.16.250.0/24 TO 172.16.69.0/24 should be tunneled and vice versa. But the command 'ping 172.16.250.1' is equivalent to 'ping -S 24.181.119.107 172.16.250.1', and your policies do not permit such packets from 24.181.119.107 to 172.16.250.1 to be tunneled. So you should use the command 'ping -S 172.16.69.1 172.16.250.1'.

Keep in mind that IPSec just simply DROPS packets which are not permitted by the policies or by the SAD. So you can see in tcpdump that something goes over the tunnel, but it can be only dropped packets.
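
The selector check described in the message above, as an added example that is not part of the original e-mail: a simplified SPD lookup over address selectors only, using the addresses quoted in the message. The function names (match, ping_is_tunneled, pick_source) are hypothetical, and real SPD entries also carry protocol and port selectors that this sketch leaves out.

```python
import ipaddress
from typing import NamedTuple, Optional

class Policy(NamedTuple):
    direction: str                  # "out" or "in"
    src: ipaddress.IPv4Network      # source selector
    dst: ipaddress.IPv4Network      # destination selector

# SPD as described in the message: only traffic between the two private
# /24 networks is selected for the tunnel (constructed from the quoted addresses).
LOCAL_NET = ipaddress.ip_network("172.16.69.0/24")
REMOTE_NET = ipaddress.ip_network("172.16.250.0/24")
SPD = [
    Policy("out", LOCAL_NET, REMOTE_NET),
    Policy("in", REMOTE_NET, LOCAL_NET),
]

def match(spd, direction, src, dst) -> Optional[Policy]:
    """Return the first policy whose selectors cover this packet, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in spd:
        if p.direction == direction and s in p.src and d in p.dst:
            return p
    return None

def ping_is_tunneled(spd, src, dst) -> bool:
    """True only if the echo request (out) and the echo reply (in) both match."""
    return (match(spd, "out", src, dst) is not None
            and match(spd, "in", dst, src) is not None)

def pick_source(spd, local_addrs, dst) -> Optional[str]:
    """Return the local address to pass to 'ping -S' so the ping is tunneled."""
    for addr in local_addrs:
        if ping_is_tunneled(spd, addr, dst):
            return addr
    return None

if __name__ == "__main__":
    gateway_addrs = ["24.181.119.107", "172.16.69.1"]  # external, internal
    target = "172.16.250.1"
    for addr in gateway_addrs:
        print(addr, "->", target, "tunneled:", ping_is_tunneled(SPD, addr, target))
    print("use: ping -S", pick_source(SPD, gateway_addrs, target), target)
```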