your tunnel is between 193.189.180.192/28 and 193.189.180.208/28

On Thu, Nov 23, 2006 at 01:10:13PM +0100, Mitja wrote:
> ...
> OpenBSD1
> # ipsecctl -s all
> FLOWS:
> flow esp in from 193.189.180.208/28 to 193.189.180.192/28 peer
> 172.16.16.6 type require
> flow esp out from 193.189.180.192/28 to 193.189.180.208/28 peer
> 172.16.16.6 type require
>
> ...
>
> Let's debug this on OpenBSD2:
> # tcpdump -i bge0 icmp
> tcpdump: listening on bge0, link-type EN10MB
> 12:52:34.600017 172.16.16.6 > 193.189.180.193: icmp: echo request
> 12:52:34.600443 172.16.16.5 > 172.16.16.6: icmp: net 193.189.180.193
> unreachable
> 12:52:35.610009 172.16.16.6 > 193.189.180.193: icmp: echo request
> 12:52:35.610386 172.16.16.5 > 172.16.16.6: icmp: net 193.189.180.193
> unreachable
> 12:52:36.620010 172.16.16.6 > 193.189.180.193: icmp: echo request
> 12:52:36.620332 172.16.16.5 > 172.16.16.6: icmp: net 193.189.180.193
> unreachable

however, your icmp's source address is 172.16.16.6, thus it does _not_ go through the tunnel. Use ping -I to set the source address to the interface into the 193.189.180.xxx network.
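
The selector check described in this reply, as an added example that is not part of the original thread: it parses the two flow lines quoted from OpenBSD1 and tests whether a packet's source and destination fall inside a flow. The address 193.189.180.209 is a constructed value, assumed to sit on OpenBSD2's interface in the 193.189.180.208/28 network.

```python
import ipaddress
import re

# Flow lines quoted in the thread (OpenBSD1, `ipsecctl -s all`), with the
# mail client's line wrapping undone.
FLOWS = """\
flow esp in from 193.189.180.208/28 to 193.189.180.192/28 peer 172.16.16.6 type require
flow esp out from 193.189.180.192/28 to 193.189.180.208/28 peer 172.16.16.6 type require
"""

FLOW_RE = re.compile(
    r"^flow\s+\S+\s+(?P<dir>in|out)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"\s+peer\s+(?P<peer>\S+)"
)

def parse_flows(text):
    """Turn `flow ...` lines into dicts holding the src/dst selector networks."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            flows.append({
                "dir": m["dir"],
                "src": ipaddress.ip_network(m["src"]),
                "dst": ipaddress.ip_network(m["dst"]),
                "peer": m["peer"],
            })
    return flows

def matching_flow(flows, direction, src, dst):
    """Return the flow whose selectors cover this packet, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for f in flows:
        if f["dir"] == direction and src in f["src"] and dst in f["dst"]:
            return f
    return None

if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    # Packets arriving at OpenBSD1 from the OpenBSD2 side must match the "in" flow.
    for src in ("172.16.16.6",        # source seen in the tcpdump output
                "193.189.180.209"):   # constructed: a source inside .208/28
        f = matching_flow(flows, "in", src, "193.189.180.193")
        verdict = f"matches flow via peer {f['peer']}" if f else "no flow, sent in the clear"
        print(f"{src} -> 193.189.180.193: {verdict}")
```
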