[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: IPsec problems
- From: "Eric P. McCoy" <ctr2sprt_(_at_)_cox_(_dot_)_net>
- Date: Tue, 15 Jul 2003 01:38:57 -0400
OK, I am trying to do a simple enough IPsec setup: I want to join two
private-address networks over the Internet. Both networks are protected
by a NAT firewall. My side is an OpenBSD box; the other side is a Cisco
PIX (or something, not clear on the details).
After much reading we were able to get everything configured correctly,
or so we thought. My problem is a very simple one: the packets destined
for the foreign LAN are getting sent out into the Internet at large and
eventually discarded, instead of being sent along the IPsec tunnel.
Obviously I need to set up some sort of route, but nothing says what or
how (or, for that matter, why isakmpd doesn't do it for me - all the
docs seem to suggest that it should).
I guess I ought to describe exactly what I've done. Obviously I've
forgotten some step, and I'm sure it's simple.
1. Create isakmpd policy and conf file from templates, modified for my
2. Add firewall rules allowing the needed traffic (udp port 500,
protocol esp, enc0 interface).
3. Run isakmpd.
Pings are definitely arriving at the machine. I confirmed this with
tcpdump. Pings are definitely not leaving via IPsec. Confirmed this
one with tcpdump too.
Any help would be greatly appreciated. Thanks!