Really dumb question, but is IP Masquerading turned on by default?

Joey

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Steinkuehler
Sent: Thursday, April 04, 2002 7:55 AM
To: Rein Inge Hoff; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN tunnel up, but can't reach other subnet

!!! WARNING !!! Danger Will Robinson!

It looks like you're running IPSec *AND* loading the ip_masq_ipsec kernel module. I don't even know how this is possible, but it's definitely *WRONG*.

You need to make sure you're using a kernel with KLIPS (IPSec in the kernel name on my website). The default CD-ROM kernel contains IPSec, but the default floppy kernel doesn't.

Do *NOT* load the ipsec masquerading module...KLIPS (firewall=VPN Gateway) and ipsec masquerading (ipsec client on an internal system) are incompatible. Confusing, but sadly, it's the current state of affairs. Note this also means you cannot use the firewall as a VPN gateway while masquerading internal IPSec clients...the functions are mutually exclusive.

Otherwise, your config looks to be OK...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

----- Original Message -----
From: "Rein Inge Hoff" <[EMAIL PROTECTED]>

# ipsec look
firewall Wed Feb 28 14:43:44 UTC 2001
192.168.1.0/24 -> 192.168.0.0/24 => [EMAIL PROTECTED] [EMAIL PROTECTED] (0)
ipsec0->eth0 mtu=16260(1500)->1500
-------------
# lsmod | grep ipsec
ip_masq_ipsec 7328 0 (unused)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
