I am attempting to set up a test VPN, using two OpenBSD 3.7 systems as
gateways, and two WinXP clients.
The addressing scheme is as follows:

client1 - ip:192.168.1.2 default gateway:192.168.1.1
gateway1
    le1 - 192.168.2.1
    le2 - 192.168.1.1
gateway2
    le1 - 192.168.2.2
    le2 - 192.168.3.1
client2 - ip:192.168.3.2 default gateway:192.168.3.1

I followed the instructions from vpn(8) for automated keying, although I
currently do not have pf enabled. The tests given in the man page,
modified for my addressing scheme, indicate the vpn is functioning, i.e.,
netstat -rn -f encap returns:

Routing tables

Encap:
Source         Port  Destination    Port  Proto  SA(Address/Proto/Type/Direction)
192.168.3/24   0     192.168.1/24   0     0      192.168.2.2/50/use/in
192.168.1/24   0     192.168.3/24   0     0      192.168.2.2/50/require/out

I am also able to successfully execute 'ping -I 192.168.1.1 192.168.3.1'
(the above is from gateway1, gateway2 is similar, with the appropriate
addresses switched.)
At this point, according to the man page, vpn(8), I should have a
functioning vpn. However, when I try to ping from client1 to 192.168.3.1
or to client2, or from client2 to 192.168.1.1 or to client1, I receive:
from client1:
Reply from 192.168.1.1: Destination host unreachable.
from client2:
Reply from 192.168.3.1: Destination host unreachable.
I'm sure it's some detail I'm missing, but I'm stumped.