On Tue, Dec 05, 2006 at 07:48:26AM -0600, Ryan Corder wrote:
> On Tue, 2006-12-05 at 12:06 +0900, Mathieu Sauve-Frankel wrote:
> > > now, I got the tunnel setup just fine using just ipsec.conf. I was just
> > > curios if there was a quick and simple way to to test traffic through
> > > the tunnel since it is just a host to host configuration.
> >
> > I'm curious to know why you don't think ping is a good tool to test
> > this with ? run ping and run tcpdump. if tcpdump shows esp packets
> > well you can assume the tunnel is working. If the tunnel shows icmp
> > packets your tunnel probably doesn't work.
>
> I never said that ping wasn't a good test...if I could use ping I would.
> However, in the setup where I have two machines, A and B that have
> addresses 192.168.2.5 and 192.168.2.6 respectively and an IPSec tunnel
> setup as so:
> A - ike esp from 192.168.2.5 to 192.168.2.6
> B - ike esp from 192.168.2.6 to 192.168.2.5
> trying to ping the other's address doesn't go out via the enc0
> interface, but the regular bge0 default interface.
>
> or am I completely wrong on this one?
I presume you are correct, but ping *should* use the enc0 interface.
Joachim
