Yes, u gotta problem Sir: now u do this:

echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/ipsec0/rp_filter

then:

ipsec setup --restart

I don't know how u setup your /etc/ipsec.conf... if u have it auto=add line
to your conn.. then ready to go.. u almost there...

good luck
Upnet Joe.

----- Original Message -----
From: "joey officer" <[EMAIL PROTECTED]>
To: "Charles Steinkuehler" <[EMAIL PROTECTED]>; "LRP Support" <[EMAIL PROTECTED]>
Sent: Saturday, March 09, 2002 11:21 AM
Subject: Re: [Leaf-user] ipsec errors

> I did not find that specific line in the net ipfilter list command, however
> I did change the setting in the network.conf file. However I still did not
> find that line in the above command. I got to thinking about the specific
> problem I'm having and thought I might try to give a little more information
> .. here goes
>
> the machines are mostly stock dachstein, running udhcpd (instead of
> dhcpd/dhclient), w/ slightly modified subnets. Both machines are routing as
> designed, and all machines can ping the other gateway, internet is working
> fine). Although the ip address for each gateway is dynamic, they have
> stayed the same for at least the last 2 months, so I have based my works on
> the assumed fact that these IPs will stay the same for a while longer. At
> any rate, for testing purpose they have stayed the same.
>
> subnet-home----------home---------internet---------office----------subnet-office
> 192.168.3.0/24----66.25.44.147-------------66.25.18.71--------192.168.1.0/24
>
> IPSec loads without any noticeable errors, except something about
> rp_filter should be 0, but reads 1 (or vice versa). If I understand
> correctly, once both machines are at this point I could ping the office
> subnet from the home subnet, and the opposite, however this does not work.
> So then I tried ' ipsec auto --up office ' .. and then this just hangs.
> sits for awhile (reading the logs says something about initializing office on
> MAIN). After a minute or so, I ctrl-break this and am unable to go any
> further.
>
> That's about where I am .. and am stuck...
>
> joey
>
>
> ----- Original Message -----
> From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; "LRP Support" <[EMAIL PROTECTED]>
> Sent: Friday, March 08, 2002 5:46 PM
> Subject: Re: [Leaf-user] ipsec errors
>
> > > Where do I check to see if protocol 50 packets are being allowed through?
> > > I'll be working more on it this weekend.. I'd really like to get this
> > > working so I'll try just about anything.. even possibly step/by/step support
> > > via phone (I'd beg someone to call my 800 number for a little assistance...
> >
> > The primary source is the output of "net ipfilter list", which shows you
> > exactly how your firewall rules are setup. You're looking for a line
> > allowing protocol 50, preferably with non-zero byte/packet counts:
> >
> > 1843 356K ACCEPT 50 ------ 0xFF 0x00 eth0 <snip>
> >
> > You open protocol 50 traffic with the following in network.conf:
> > EXTERN_PROTO0="50 0/0"
> >
> > Of course, you can change the 0/0 (the entire internet) to the address (or
> > network) of your remote VPN link, if it's static.
> >
> > Charles Steinkuehler
> > http://lrp.steinkuehler.net
> > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
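
The check Charles describes in the quoted message (an ACCEPT rule for protocol 50 with non-zero packet/byte counts in the "net ipfilter list" output), as an added example that is not part of the original thread. The column positions are assumed from the one sample line quoted there; the helper name esp_rule_status and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Column positions (pkts, bytes, target,
# prot, ..., ifname in field 8) are assumed from the one sample line quoted above.

# esp_rule_status IFACE  (hypothetical helper; reads the rule listing on stdin)
# Prints one of:
#   active pkts=N bytes=N  an ACCEPT rule for protocol 50 has counted traffic
#   idle                   the rule exists but its counters are still zero
#   missing                no ACCEPT rule for protocol 50 on that interface
esp_rule_status() {
    awk -v ifc="$1" '
        $3 == "ACCEPT" && $4 == "50" && $8 == ifc {
            found = 1
            # "356K" + 0 evaluates to 356 in awk: enough to tell zero from non-zero
            if (($1 + 0) > 0 && !active) { active = 1; pk = $1; by = $2 }
        }
        END {
            if (active)     print "active pkts=" pk " bytes=" by
            else if (found) print "idle"
            else            print "missing"
        }'
}

# Constructed listings; "<snip>" stands for the columns the thread elides.
SAMPLE_ACTIVE='   12  1024 ACCEPT 17 ------ 0xFF 0x00 eth0 <snip>
 1843  356K ACCEPT 50 ------ 0xFF 0x00 eth0 <snip>'
SAMPLE_IDLE='   12  1024 ACCEPT 17 ------ 0xFF 0x00 eth0 <snip>
    0     0 ACCEPT 50 ------ 0xFF 0x00 eth0 <snip>'

printf '%s\n' "$SAMPLE_ACTIVE" | esp_rule_status eth0   # rule present, ESP arriving
printf '%s\n' "$SAMPLE_IDLE"   | esp_rule_status eth0   # rule present, no ESP seen yet
printf '%s\n' "$SAMPLE_ACTIVE" | esp_rule_status eth1   # no rule on this interface

# On the gateway itself: net ipfilter list | esp_rule_status eth0
```

A result of "idle" means the firewall would accept protocol 50 but no such packets have reached the rule, so the tunnel is not carrying traffic yet.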