I strongly hope that's my mistake somewhere and not the ISP's. If the ISP blocks the IPSEC, could I connect to my office's VPN server? I still can do that before this experiment (removing ipsec module...).
The bad (and probably good -:)) news is that I do not see anything logged into /var/log/messages on my site after I ping the other site. Lynn mentioned that "But more likely, the route to the correct local subnet on each machine is missing" . How can I detect that and how to fix it. Thank you. ---------- Original Message ---------------------------------- From: "Charles Steinkuehler" <[EMAIL PROTECTED]> Date: Wed, 24 Apr 2002 12:58:55 -0500 > >Based on everything you've reported so-far, I would either suspect firewall >rules on the remote gateway (you only listed one side, so there could be >problems with the other end), or someone filtering IPSec traffic between >your two boxes. > >*MANY* ISP's are beginning to filter IPSec traffic for folks who don't pay >"business" class rates...it's easy to do, and usually prompts most actual >businesses to spend 2-3 times more for services. You might want to check >with local user groups, and/or any online forums discussing your particular >ISP(s), and see if they might be dropping your IPSec traffic. The symptoms >you're reporting are very consistent with protocol 50 traffic not making it >through the network between your two VPN boxes. > >I don't know of an easy way to test for this...with the two LEAF boxes at >either end, probabaly the easiest thing to do is run the following commands >on *BOTH* VPN gateway's: > >ipchains -I input -p 50 -l >ipchains -I output -p 50 -l > >This will cause *ALL* ESP (protocol 50) packets to get logged when entering >and leaving your firewall. If you see packets getting sent from one >mahcine, but not being recieved by the other end, you'll know something is >wrong, probably the ISP at one end or the other filtering the traffic... > >Charles Steinkuehler >http://lrp.steinkuehler.net >http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > > >_______________________________________________ >Leaf-user mailing list >[EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/leaf-user > _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
