--- Quoting [EMAIL PROTECTED] on 2005/08/24 at 18:35 +0200:

> 1) From Client1, I cannot ping its default gateway (.3.254) anymore. No ping
> replies. ssh connection is frozen.

What machine and interface is .3.254 on? From the information below it does
not look like it's on PC_B. PC_B is .3.70.

> 2) If I run a tcpdump -i rl1, I see that the pings from Client1 to PC_B are
> *routed* to PC_A!! Of course, PC_A doesn't know what to do with them;
> something is getting back, however (encrypted):
>
> # tcpdump -i rl1
> 17:54:15.803747 esp 10.0.0.6 > 10.0.0.1 spi 0x1F3A4307 seq 70 len 132 (DF)
> 17:54:15.810208 esp 10.0.0.1 > 10.0.0.6 spi 0x8A4C7C72 seq 58 len 132 (DF)

Doubtful. You have no idea what packets are encapsulated here. Do your
sniffing on enc0 instead.

> 6) Not all of PC_B's traffic is going through the tunnel; for example, DNS
> queries are still in clear:

netstat -rnf encap is your friend. You are not building a phase-2 connection
that includes 10.0.0.x so no encryption for you. Same reasoning applies to
your ping from 10.0.0.1 to .6.

.joel
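An added illustration of the last point above (this is editor-supplied example code, not anything posted in the thread): only packets whose source and destination fall inside a phase-2 flow are handed to IPsec; everything else, including DNS to the peer's outer address and a ping between the two gateways, follows the normal routing table in clear. The script below parses a constructed flow table laid out like OpenBSD's `netstat -rnf encap` output (the column layout is approximated from memory, not copied from the thread), then looks up a few packets against it. The 192.168.3.0/24 and 192.168.4.0/24 prefixes are assumptions; the thread only gives ".3.70" and ".3.254". The peer address 10.0.0.1 is taken from the quoted tcpdump lines.

```python
"""IPsec flow (SPD) lookup: which packets would a given `netstat -rnf encap`
table send through the tunnel, and which leave in clear?

Added example for the thread above, not code from the original post.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of OpenBSD `netstat -rnf encap` output
# (format approximated; 192.168.x prefixes are assumed, the thread only
# shows ".3.70"/".3.254"). Two flows: one per direction, peer 10.0.0.1.
SAMPLE_ENCAP_TABLE = """\
Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
192.168.4/24       0     192.168.3/24       0     0     10.0.0.1/esp/use/in
192.168.3/24       0     192.168.4/24       0     0     10.0.0.1/esp/require/out
"""


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    sport: int        # 0 = any port
    dport: int
    proto: int        # 0 = any IP protocol
    peer: str         # outer (tunnel endpoint) address
    sa_proto: str     # esp / ah
    level: str        # require / use / ...
    direction: str    # in / out


def _network(text: str) -> ipaddress.IPv4Network:
    """netstat prints abbreviated prefixes ("192.168.3/24"); pad to 4 octets."""
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(".".join(octets) + "/" + (plen or "32"))


def parse_encap_table(text: str) -> List[Flow]:
    """Parse the flow lines that follow the 'Source ...' header."""
    flows: List[Flow] = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("Source"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        cols = line.split()
        if len(cols) != 6:
            raise ValueError(f"unexpected flow line: {line!r}")
        src, sport, dst, dport, proto, sa = cols
        peer, sa_proto, level, direction = sa.split("/")
        flows.append(Flow(_network(src), _network(dst), int(sport), int(dport),
                          int(proto), peer, sa_proto, level, direction))
    return flows


def lookup_flow(flows: List[Flow], src_ip: str, dst_ip: str, proto: int = 0,
                sport: int = 0, dport: int = 0,
                direction: str = "out") -> Optional[Flow]:
    """Most specific flow covering the packet, or None (packet goes in clear)."""
    src = ipaddress.IPv4Address(src_ip)
    dst = ipaddress.IPv4Address(dst_ip)
    best: Optional[Flow] = None
    for f in flows:
        if f.direction != direction:
            continue
        if src not in f.src or dst not in f.dst:
            continue
        if f.proto not in (0, proto) or f.sport not in (0, sport) \
                or f.dport not in (0, dport):
            continue
        # Longest combined prefix wins when several flows overlap.
        if best is None or (f.src.prefixlen + f.dst.prefixlen) > \
                (best.src.prefixlen + best.dst.prefixlen):
            best = f
    return best


def describe(flows: List[Flow], src_ip: str, dst_ip: str,
             proto: int = 0, dport: int = 0) -> str:
    f = lookup_flow(flows, src_ip, dst_ip, proto=proto, dport=dport)
    if f is None:
        return f"{src_ip} -> {dst_ip}: no matching flow, sent in clear"
    return f"{src_ip} -> {dst_ip}: {f.sa_proto} to {f.peer} ({f.level})"


if __name__ == "__main__":
    table = parse_encap_table(SAMPLE_ENCAP_TABLE)
    # ICMP between the two phase-2 networks: encapsulated to the peer.
    print(describe(table, "192.168.3.70", "192.168.4.10", proto=1))
    # DNS from PC_B to the peer's outer address: outside every flow, clear.
    print(describe(table, "192.168.3.70", "10.0.0.1", proto=17, dport=53))
    # Ping between the gateways themselves: also outside every flow, clear.
    print(describe(table, "10.0.0.6", "10.0.0.1", proto=1))
```

Read the "no matching flow" lines the way Joel does: adding a phase-2 (flow) that covers 10.0.0.x, or pointing the DNS client at a server inside the protected networks, is what changes the answer; no amount of sniffing on rl1 will.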

