Date:      Wed, 23 Jun 2010 10:52:19 +0200
From:      <ralf@dzie-ciuch.pl>
To:        VANHULLEBUS Yvan <vanhu@FreeBSD.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re:    vpn trouble
Message-ID:  <dd3c900149350c5a4cb20b50d8f84741@ewipo.pl>
In-Reply-To: <20100623084519.GA74491@zeninc.net>
References:  <20100622190819.270aaa74@gda-arsenic> <4f378cfb416582c3081377ba714e508a@ewipo.pl> <20100622201130.5824d585@gda-arsenic> <20100622182242.GU2620@verio.net> <20100622204107.6c604c17@gda-arsenic> <e0ec3f73645a733f318ba5664abf6472@ewipo.pl> <20100623080555.GB74303@zeninc.net> <5e8d1141ecf3d922c00114e41585a67f@ewipo.pl> <20100623083228.GA74453@zeninc.net> <a5c9ad94743d6f4d709ce181fb5b1894@ewipo.pl> <20100623084519.GA74491@zeninc.net>



> 
> Looks like, but if you still can't ping, you still have an issue
> somewhere :-)
> 
> First, check that you now have ESP packets going out from your IPsec
> gate when you try to ping.
> 
> 
> Then, usual issues at that step are:
> 
> - something on the way blocks ESP packets. Solution may be to force
>   NAT-T (add "nat_traversal force;" line in remote section).
> 
> - IPsec peer has some filtering rules/ACLs which block your traffic
>   after IPsec.
> 
> - Peer does not have a default route, or something like that which
>   prevents it from replying to you.
> 
> Anyways, the best tool now to see what happens is tcpdump.... on
> peer's side !!!!
> 

When on one console I type tcpdump -i gif0, I don't receive any values!
So I think I should set a route to it, right?

Can you tell me how to do it?

netstat -rn prints something like this:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            78.x.x.x     UGS         3 49544466   bce1
10.10.1.90         10.20.0.1          UH       2238    13439   gif0

Is it OK, or am I doing something wrong?

Ralf


