> > > There's a tunnel between Server A and Server B. Server A is a standalone > machine trying to reach over the VPN tunnel to a host (10.0.1.50) that is > located in a subnet of Server B. Setup is the following: > $ cat /etc/hostname.enc0 >
Haven't done ipsec on obsd for a while now, but are you really supposed to have single-tunnel content in hostname.enc0? The enc interfaces are not to ipsec what tuns are to say openvpn. It is more of a looking glass into what ALL ipsec traffic is both in and out before and after decapsulation, instead of being a one-enc-per-tunnel, with ips and confs. http://www.openbsd.org/faq/faq17.html doesn't seem to mention the need for any edits of hostname.enc0, does it? -- May the most significant bit of your life be positive.
