> I am trying to set up a VPN with IPsec - Dachstein v1.0.2-ipsec (modified by
> Lynn Avant). I am using VmWare on a W2000 for the test environment.
>
> My test configuration is (192.168.1.254 /
> 12.247.85.201) -----(VMnet2)----- (212.247.85.202 / 192.168.2.254)
>
> ping from 212.247.85.201 to 212.247.85.201 and v.v. OK - I am using PSK
>
> Problem: Cannot ping from one side of the tunnel to the other
>
> So far I understand everything works as it should. The ports 50, 51 and udp
> 500 are open, the tunnel goes up and IPsec creates the route as it should.
> As I cannot use eth0_DEFAULT_GW in the networks script and
> leftnexthop/rightnexthop in IPsec this uncomment.
>
> I have been trying to get this to work for some weeks and am now starting to
> be really frustrated and would be very thankful for any help.

Looks like you're setting up a subnet to subnet tunnel. Remember that with this setup, the two VPN gateways WILL NOT be able to ping each other through the tunnel (you need a host-host tunnel for that). Nor will the gateways be able to see systems on the remote subnet (you need a host-subnet tunnel for that). So make sure you're testing pings between systems on the subnets *BEHIND* the VPN gateway on each end, rather than using the gateways themselves. See the FreeS/WAN documentation for details, and how to get around this limitation with advanced routing rules that specify the source IP.

Other than that, I would strongly suggest not using vmware to test this application. That throws a whole additional layer of complexity onto an already complicated configuration, and I guarantee you there are few folks who have experience with running FreeS/WAN under vmware, so you're increasing your potential problems, and reducing your available help.

Finally, while the barf is helpful, it doesn't tell us what you're trying to set up. Since most problems with IPSec are due to setup problems, you need to tell us more details about what you're trying to set up (and how you test for success/failure), then we can compare what you want with your configuration info in the barf...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
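
Added example, not part of the thread or of FreeS/WAN: a small Python model of which test pings match a subnet-to-subnet tunnel's selectors, to show why gateway-originated pings say nothing about the tunnel. The /24 masks, the `.10` hosts and the 203.0.113.x outside addresses are assumptions; only the inside gateway address 192.168.1.254 comes from the post.

```python
import ipaddress

# Assumed selectors of the subnet-to-subnet tunnel (the /24 masks are an
# assumption; the post only gives the gateways' inside addresses).
LEFT_SUBNET = ipaddress.ip_network("192.168.1.0/24")
RIGHT_SUBNET = ipaddress.ip_network("192.168.2.0/24")

def in_tunnel(src, dst):
    """True if a packet src -> dst matches the subnet-to-subnet selectors
    in either direction, i.e. it would be carried inside the tunnel."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s in LEFT_SUBNET and d in RIGHT_SUBNET) or \
           (s in RIGHT_SUBNET and d in LEFT_SUBNET)

# Constructed test cases. 203.0.113.x are placeholder outside addresses.
# Assumption modelled here: a gateway sourcing its own traffic uses its
# outside address unless the source address is forced.
LEFT_GW_OUT, RIGHT_GW_OUT = "203.0.113.1", "203.0.113.2"
CASES = [
    ("gateway to gateway, outside addresses", LEFT_GW_OUT, RIGHT_GW_OUT),
    ("left gateway, default source, to remote host", LEFT_GW_OUT, "192.168.2.10"),
    ("left gateway, source forced to inside address", "192.168.1.254", "192.168.2.10"),
    ("host behind left gateway to host behind right", "192.168.1.10", "192.168.2.10"),
]

def classify(cases=CASES):
    """Map each test description to whether it exercises the tunnel."""
    return {label: in_tunnel(src, dst) for label, src, dst in cases}

if __name__ == "__main__":
    for label, hit in classify().items():
        print(f"{'tunnel' if hit else 'NOT in tunnel':14} {label}")
```

Only the last two cases exercise the tunnel, so a successful gateway-to-gateway ping between outside addresses is not evidence that the tunnel passes traffic.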
