Brooks R. Robinson, 2001-Nov-30 08:46 -0600: > Greetings, > Okay gang, I need help again. I'm doing the vpn thing with secvpn. > I've > got routing issues. Let me first run down the systems: > > System #1 (foo) > ---------------------- > Linux foo 2.4.12 #1 Wed Nov 21 08:34:48 CST 2001 i686 unknown > running on fairly recent woody > > eth1 Link encap:Ethernet HWaddr 00:50:BA:F3:EC:3A > inet addr:192.168.100.100 Bcast:192.168.100.255 > Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:392228 errors:0 dropped:0 overruns:0 frame:0 > TX packets:172 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > RX bytes:24167762 (23.0 Mb) TX bytes:38967 (38.0 Kb) > Interrupt:9 Base address:0xef20 > > ppp0 Link encap:Point-to-Point Protocol > inet addr:10.1.1.1 P-t-P:10.1.1.2 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:3857 errors:1 dropped:0 overruns:0 frame:0 > TX packets:3850 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:3 > RX bytes:323536 (315.9 Kb) TX bytes:323124 (315.5 Kb) > > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 10.1.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 172.16.0.0 10.1.1.2 255.255.0.0 UG 0 0 0 ppp0 > > Chain input (policy ACCEPT): > Chain forward (policy ACCEPT): > Chain output (policy ACCEPT): > > This machine is the initiator for the secvpn vpn. I've removed the > references to internet for obvious reasons. > > > > System #2 (bar) > ------------------------ > Linux bar 2.2.19 #1 Thu Nov 1 19:52:06 EST 2001 i586 unknown > running on fairly recent potato > > eth1 Link encap:Ethernet HWaddr 00:08:C7:05:61:36 > inet addr:172.16.1.43 Bcast:172.16.255.255 Mask:255.255.0.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > Interrupt:11 Base address:0x8000 > > ppp0 Link encap:Point-to-Point Protocol > inet addr:10.1.1.2 P-t-P:10.1.1.1 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:6638 errors:0 dropped:0 overruns:0 frame:0 > TX packets:6645 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:10 > > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use > Iface > 10.1.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 192.168.100.0 10.1.1.1 255.255.255.0 UG 0 0 0 ppp0 > 172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 > > Chain input (policy ACCEPT): > Chain forward (policy ACCEPT): > Chain output (policy ACCEPT): > > This machine is the recipient for the secvpn vpn. I've removed the > references to internet for obvious reasons. > > So here's the scoop. I can ping 172.16.1.43 from foo, and I can ping > 192.168.100.100 from bar. I can ssh to and from both, and they connect > without a hitch. The problem is that I can't ping 192.168.100.1 from bar, > and I cannot 172.16.1.1 from foo. If I try to traceroute 192.168.100.1 from > bar it gets as far as 10.1.1.1 and dies out. Help, help, help. > > Thanks, > > Brooks
What interface has 192.168.100.1 and 172.16.1.1? You don't indicate where they are or what the path should be to get there. I assume the default routes for each were omitted, and point to you internet provider. On your successful pings, use a traceroute for those to confirm the path they are taking to help troubleshoot. jc -- Jeff Coppock Systems Engineer Diggin' Debian Admin and User
