i agree lets try again! hi folks > Date: Fri, 1 Jun 2012 10:55:09 -0700 > From: tyl...@tradetech.net > To: genesi...@hotmail.com > Subject: Re: ipsec routing dinamic ip over adsl > > On 5/31/2012 7:31 PM, carlos albino garcia grijalba wrote:
i have the following problem remote office connect to my vpn server in order to connect to the internals over the ipsec tunnel the office has ip phones to connect to call manager over the 192.168.0.0/16 the ip phone 192.168.30.2/28 so the ip phone connect correct but thereis another ip client a watch the people wants to excract info from the watch who is over the net 172.1.100.1 th PC that whants to connect to runs over the 10.0.0.89 but i can reach the watch and the watch can not ping over the 172 address space the clientit is a cisco router over ADSL line so DInamic public IP is on172.1.100.1 --X192.168.30.2--OK vpn openbsd server ipsec.conf ike passive esp from any to {192.168.0.0/16, 10.0.0.0/16, 172.1.0.0/16} peer any \ main auth hmac-sha1 enc aes-128 group modp1024 \ quick auth hmac-sha1 enc aes-128 psk 1234ABC ike passive from {192.168.0.0/16, 10.0.0.0/16, 172.1.0.0/16} to any \ main auth hmac-sha1 enc aes-128 group modp1024 \ quick auth hmac-sha1 enc aes-128 psk 1234ABC ifconfig bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:11:85:f1:cb:6b priority: 0 groups: egress media: Ethernet autoselect (1000baseT full-duplex) status: active inet A.B.C.D netmask 0xffffff00 broadcast 148.235.89.255 inet6 fe80::211:85ff:fef1:cb6b%bge0 prefixlen 64 scopeid 0x1 re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:22:6b:bd:8a:1e priority: 0 media: Ethernet autoselect (1000baseT full-duplex) status: active inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 inet6 fe80::222:6bff:febd:8a1e%re0 prefixlen 64 scopeid 0x2 rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:50:bf:05:3f:6b priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.100.210 netmask 0xffffff00 broadcast 192.168.100.255 inet6 fe80::250:bfff:fe05:3f6b%rl0 prefixlen 64 scopeid 0x3 enc0: flags=0<> priority: 0 groups: enc status: active ipsecctl -sall FLOWS: flow esp in from 192.168.30.0/28 to 192.168.0.0/16 peer 187.131.59.237 srcid 148.235.89.18/32 dstid 187.131.59.237/32 type use flow esp out from 192.168.0.0/16 to 192.168.30.0/28 peer 187.131.59.237 srcid 148.235.89.18/32 dstid 187.131.59.237/32 type require SAD: esp tunnel from 187.131.59.237 to 148.235.89.18 spi 0xbed90da8 auth hmac-sha1 enc aes esp tunnel from 148.235.89.18 to 187.131.59.237 spi 0xda01bfaa auth hmac-sha1 enc aes netstat -nr -f encap Routing tables Encap: Source Port Destination Port Proto SA(Address/Proto/Type/Direction) 192.168.30.0/28 0 192.168/16 0 0 187.131.59.237/esp/use/in 192.168/16 0 192.168.30.0/28 0 0 187.131.59.237/esp/require/out