I did not find that specific line in the net ipfilter list command; however, I did change the setting in the network.conf file. However, I still did not find that line in the above command. I got to thinking about the specific problem I'm having and thought I might try to give a little more information... here goes.
The machines are mostly stock Dachstein, running udhcpd (instead of dhcpd/dhclient), with slightly modified subnets. Both machines are routing as designed, all machines can ping the other gateway, and internet is working fine. Although the IP address for each gateway is dynamic, they have stayed the same for at least the last 2 months, so I have based my work on the assumed fact that these IPs will stay the same for a while longer. At any rate, for testing purposes they have stayed the same.

subnet-home----------home---------internet---------office----------subnet-office
192.168.3.0/24----66.25.44.147-------------66.25.18.71--------192.168.1.0/24

IPSec loads without any noticeable errors, except something about rp_filter should be 0, but reads 1 (or vice versa). If I understand correctly, once both machines are at this point I could ping the office subnet from the home subnet, and the opposite; however, this does not work. So then I tried 'ipsec auto --up office'... and then this just hangs. It sits for a while (reading the logs says something about initializing office on MAIN). After a minute or so, I ctrl-break this and am unable to go any further.

That's about where I am... and am stuck...

joey

----- Original Message -----
From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "LRP Support" <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 5:46 PM
Subject: Re: [Leaf-user] ipsec errors

> > Where do I check to see if protocol 50 packets are being allowed through?
> > I'll be working more on it this weekend.. I'd really like to get this
> > working so I'll try just about anything.. even possibly step/by/step support
> > via phone (I'd beg someone to call my 800 number for a little assistance...
>
> The primary source is the output of "net ipfilter list", which shows you
> exactly how your firewall rules are set up. You're looking for a line
> allowing protocol 50, preferably with non-zero byte/packet counts:
>
> 1843 356K ACCEPT 50 ------ 0xFF 0x00 eth0 <snip>
>
> You open protocol 50 traffic with the following in network.conf:
> EXTERN_PROTO0="50 0/0"
>
> Of course, you can change the 0/0 (the entire internet) to the address (or
> network) of your remote VPN link, if it's static.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
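A scripted form of the check Charles describes, added here as an example that is not part of the original thread: it reads a "net ipfilter list" dump and reports whether an ACCEPT rule for IP protocol 50 (ESP, the protocol IPsec tunnels ride on) is present and whether any packets have matched it yet. The column order is assumed from the single rule line quoted in the reply, the three sample listings are constructed for the demo, and matching the protocol name "esp" as well as the number 50 is an assumption about how the listing labels the protocol when /etc/protocols knows it.

```shell
#!/bin/sh
# Added example, not from the original thread. Reads an ipchains-style
# "net ipfilter list" dump on stdin and prints one of: ok, no-traffic, missing.
# Assumed column layout, taken from the line quoted in the reply:
#   pkts  bytes  target  prot  opt  tosa  tosx  ifname ...
esp_status() {
    awk '
        # field 3 is the target, field 4 the protocol (number, or name if known)
        $3 == "ACCEPT" && ($4 == "50" || $4 == "esp") {
            found = 1
            # idle counters print as a bare 0; busy ones get suffixes (356K, 12M),
            # so anything other than "0" in either column means ESP has matched
            if ($1 != "0" || $2 != "0") { hit = 1 }
        }
        END {
            if (!found)    { print "missing" }
            else if (!hit) { print "no-traffic" }
            else           { print "ok" }
        }'
}

# Constructed sample listings (not real router output).
# Rule present and carrying traffic, like the line quoted in the reply:
LISTING_OK=' pkts bytes target prot opt    tosa tosx ifname source    destination  ports
 1843  356K ACCEPT 50   ------ 0xFF 0x00 eth0   0.0.0.0/0 66.25.18.71  n/a'

# Rule present but nothing has hit it yet:
LISTING_IDLE=' pkts bytes target prot opt    tosa tosx ifname source    destination  ports
    0     0 ACCEPT 50   ------ 0xFF 0x00 eth0   0.0.0.0/0 66.25.18.71  n/a'

# Only the IKE (udp/500) rule exists; the ESP rule was never added:
LISTING_MISSING=' pkts bytes target prot opt    tosa tosx ifname source    destination  ports
   12  1204 ACCEPT udp  ------ 0xFF 0x00 eth0   0.0.0.0/0 66.25.18.71  * -> 500'

# Stand-alone run: print the verdict for each sample.
for name in OK IDLE MISSING; do
    eval "listing=\$LISTING_$name"
    printf '%-8s %s\n' "$name" "$(printf '%s\n' "$listing" | esp_status)"
done
```

On a live box you would pipe the real listing in (net ipfilter list | esp_status) instead of the samples. A "missing" verdict means the EXTERN_PROTO0="50 0/0" line from the reply (or the same line narrowed to the remote gateway's address) has not taken effect; "no-traffic" means the rule is in place but no ESP has arrived on that interface, which points at the far end or something upstream rather than at this filter.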