From: steve@Watt.COM (Steve Watt)
Date: Thu, 17 May 2001 17:55:27 -0700
To: questions@freebsd.org
Cc: brunomiguel@netcabo.pt
Subject: Re: Ipsec and routing
Message-Id: <200105180055.f4I0tRn26746@wattres.Watt.COM>
In-Reply-To: <3B047B3A.27933.502C04@localhost>
Organization: Watt Consultants, San Jose, CA, USA

brunomiguel@netcabo.pt wrote:
> [ ipsec working btwn 192.168.100.0/24 and 192.168.200.0/24 ]
>Now I setup today a box C, VPN'ed 192.168.0.0/24 with box A. Everything
>works fine between private subnets A and C, but I can't send from B to C,
[ ... ]

You need to add a policy to /etc/ipsec.conf that allows the packets
to flow through; if you look at the spdadd commands, you'll see that
your network numbers show up there.

So you've got two choices:
 - Set up another pair of IPsec policies (and tunnels) between B and C, or
 - Set up another pair of IPsec policies (and tunnels) for the traffic
   you want to pass, both from B to A and from A to C.

In other words, just fully mesh them. It's easier.

-- 
Steve Watt KD6GGD PP-ASEL-IA ICBM: 121W 56' 57.8" / 37N 20' 14.9"
Internet: steve @ Watt.COM Whois: SW32
Free time? There's no such thing. It just comes in varying prices...
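
The full mesh suggested above, as an added example that is not part of the original message: a POSIX shell helper that prints the spdadd policy pair a given box needs for every other site, in the tunnel-mode ESP form that setkey accepts. Which of the two quoted subnets belongs to A and which to B, and the gateway addresses (documentation ranges), are assumptions.

```shell
#!/bin/sh
# Constructed site table: name, private subnet, public gateway address.
# Subnets come from the thread (the A/B assignment is assumed);
# gateway addresses are placeholders from the documentation ranges.
SITES='A 192.168.100.0/24 192.0.2.1
B 192.168.200.0/24 198.51.100.1
C 192.168.0.0/24 203.0.113.1'

# mesh_policies LOCAL
# Print the /etc/ipsec.conf policy lines for box LOCAL: one outbound and
# one inbound spdadd per remote site, so every pair of subnets is covered.
mesh_policies() {
    local_name=$1
    local_line=$(printf '%s\n' "$SITES" | awk -v n="$local_name" '$1 == n')
    if [ -z "$local_line" ]; then
        echo "unknown site: $local_name" >&2
        return 1
    fi
    # Split "name subnet gateway" into positional parameters.
    set -- $local_line
    lnet=$2
    lgw=$3
    printf '%s\n' "$SITES" | while read -r name rnet rgw; do
        if [ "$name" = "$local_name" ]; then
            continue    # no policy from a site to itself
        fi
        # Traffic leaving the local subnet goes into the tunnel to the peer.
        echo "spdadd $lnet $rnet any -P out ipsec esp/tunnel/$lgw-$rgw/require;"
        # Traffic from the peer subnet must arrive through the same tunnel.
        echo "spdadd $rnet $lnet any -P in ipsec esp/tunnel/$rgw-$lgw/require;"
    done
}

# Policies for box B, the box that could not reach C in the question.
mesh_policies B
```

These lines only define policy; each tunnel still needs its security associations, keyed manually or by an IKE daemon, on both ends.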