[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3.5: stupid VPN problem

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: 3.5: stupid VPN problem
From: <nickf3_(_at_)_mail_(_dot_)_ru>
Date: Wed, 05 May 2004 06:26:39 +0400
Reply-to: <nickf3_(_at_)_mail_(_dot_)_ru>

Toni,

look at the inet routing table (your west):

Internet:
Destination        Gateway            Flags     Refs     Use    Mtu  Interface
10/8               link#2             UC          1        0      -   fxp1
10.1.0.12          0:2:b3:e7:a0:d6    UHLc        1       32      -   fxp1
127/8              127.0.0.1          UGRS        0        0  33224   lo0
127.0.0.1          127.0.0.1          UH          2        0  33224   lo0
172.17.16/24       link#1             UC          0        0      -   fxp0
172.17.16.1        127.0.0.1          UGHS        0        0  33224   lo0
192.168.1/24       link#1             UC          1        0      -   fxp0
192.168.1.10       0:d0:b7:b2:b2:e4   UHLc        7    43527      -   fxp0
224/4              127.0.0.1          URS         0        0  33224   lo0

No mentioning of 192.168.2/24 (your east),
i.e. no route. Try pinging _internal_ host
on the east subnet from _internal_ host on
the west subnet. I bet you'll see the traffic.
Or even simpler:
  <west>$ ping -I 192.168.1.106 <east-inner-host>

This means that only packets entering vpn
gateway on subnet interface (your fxp0) and
destinned for the other subnet get routed
via enc. You can add a static route, but
that's not necessary if the traffic
is really subnet-to-subnet, and not
gateway-to-gateway.

Hope this helps.
--
 nickf3

Follow-Ups:
- Re: 3.5: stupid VPN problem
  - From: jared r r spiegel

Prev by Date: Re: ppp(oe) reconnect fails with "Already in NETWORK phase"
Next by Date: Arquivo nao permitido encontrado na mensagem "something for you"
Previous by thread: Re: SOLVED: stupid VPN problem
Next by thread: Re: 3.5: stupid VPN problem
Index(es):
- Date
- Thread

Visit your host, monkey.org