Ack. User error. Kind of. "Allow IPv4 ICMP (ping) on External (EXT) Interface" was unchecked on the remote box. I would argue that I am not pinging the WAN NIC, but let's not split hairs. I think it might be working.
I can't test pinging another host on the remote subnet very easily because their route back to my local subnet is via our live firewall, not this new VPN. However, this looks like progress.

Apologies for creating so much unnecessary work for people.

Thanks for all the help

Tom

-----Original Message-----
From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
Sent: 03 April 2012 16:19
To: AstLinux Users Mailing List
Cc: Tom Chadwin
Subject: Re: [Astlinux-users] IPsec Peers config

Tom,

Take a look at ipsec-vpn.conf, it is actually a script that automatically sets the ENABLED shell variable based on the VPN rc.conf variable (among others).

From the CLI, when you issue

$ arno-iptables-firewall restart

you should see something like:
--
IPsec VPN plugin v0.83BETA
Loaded kernel module ipt_policy.
Loaded kernel module iptable_nat.
Applying rules for VPN nets ....
Allowing internet hosts .... to access the VPN service
--

Lonnie


On Apr 3, 2012, at 10:08 AM, Tom Chadwin wrote:

> Is the ENABLED var in the config file set to 1, or is it enabled
> without that text file changing?
>
> Tom
>
>
> -----Original Message-----
> From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
> Sent: 03 April 2012 16:05
> To: AstLinux Users Mailing List
> Subject: Re: [Astlinux-users] IPsec Peers config
>
>
> On Apr 3, 2012, at 9:48 AM, Michael Keuter wrote:
>
> >> On 03.04.2012 at 16:33, Lonnie Abelbeck wrote:
> >>
> >>> Tom,
> >>>
> >>> You don't need to enable the IPsec VPN plugin, that is done
> >>> automatically, as the comment in the plugin states.
> >>
> >> I also needed to enable it manually (because it still was disabled,
> >> after enabling IPSec (on 0.7.10 though)), otherwise it didn't work for me.
>
> I just tested it, and the IPsec VPN plugin is enabled automatically.
>
> Lonnie

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second resolution
app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.