Re: IPSec Questions.
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: IPSec Questions.
- From: Greg Thomas <getbsd_(_at_)_sbcglobal_(_dot_)_net>
- Date: Sun, 24 Nov 2002 15:01:21 -0800
On Sunday, Nov 24, 2002, at 14:37 US/Pacific, Craig Hammond wrote:

> > > Also it seems that the PC running isakmpd can't talk to the private
> > > IPs on the other side of the tunnel. Is this correct, or have I done
> > > something wrong?
> >
> > Also quite normal, as it sounds like your tunnel does not include the
> > endpoints. Look at the generated SAs (netstat -rn -f encap), the peer
> > addresses are not part of them.
> >
> > If you want them included, create tunnels for them as well. In a
> > "typical" setup, this means a total of four tunnels(/Connections).
>
> Thanks for that info, but how do I create those extra two tunnels???

Considering my newbieness take this with a grain of salt. But I
believe under Phase 2 on both hosts add 3 more Connections=, and under
the tags for Remote-ID and Local-IDs change ID_type= from
IPV4_ADDR_SUBNET to IPV4_ADDR, and change Network= to Address= where
appropriate.

At a high level you have a tunnel from network to network, but now
you need to add network1 to host2, network2 to host1, and I think
host1 to host2.

Hopefully Hakan will check in if I'm way off on this.

Greg
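
Added example, not part of the original message or the isakmpd distribution: an isakmpd.conf Phase 2 fragment for one gateway ("west") covering the four network/host pairs discussed in this thread. All section names and addresses are constructed placeholders, and ISAKMP-peer-east and Default-quick-mode are assumed to be defined elsewhere in the same file; the other gateway would carry the mirror image with Local-ID and Remote-ID swapped.

```ini
# Constructed example: west gateway 192.0.2.1 (LAN 192.168.1.0/24),
# east gateway 198.51.100.1 (LAN 192.168.2.0/24). Placeholders only.
[Phase 2]
Connections=		IPsec-net1-net2,IPsec-net1-host2,IPsec-host1-net2,IPsec-host1-host2

[IPsec-net1-net2]
Phase=			2
ISAKMP-peer=		ISAKMP-peer-east
Configuration=		Default-quick-mode
Local-ID=		Net-west
Remote-ID=		Net-east

[IPsec-net1-host2]
Phase=			2
ISAKMP-peer=		ISAKMP-peer-east
Configuration=		Default-quick-mode
Local-ID=		Net-west
Remote-ID=		Host-east

[IPsec-host1-net2]
Phase=			2
ISAKMP-peer=		ISAKMP-peer-east
Configuration=		Default-quick-mode
Local-ID=		Host-west
Remote-ID=		Net-east

[IPsec-host1-host2]
Phase=			2
ISAKMP-peer=		ISAKMP-peer-east
Configuration=		Default-quick-mode
Local-ID=		Host-west
Remote-ID=		Host-east

[Net-west]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.1.0
Netmask=		255.255.255.0
[Net-east]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.2.0
Netmask=		255.255.255.0
[Host-west]
ID-type=		IPV4_ADDR
Address=		192.0.2.1
[Host-east]
ID-type=		IPV4_ADDR
Address=		198.51.100.1
```

Once both sides have negotiated, the `netstat -rn -f encap` output mentioned above should list flows for all four pairs, including the gateway addresses themselves.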