Hi Daniel,
Thanks very much. ^__^
We are doing a test with others, so we do not know what kind of security
gateway they are using. But I could give you the logs.
I am curious why the third proposal in the IKE_SA_INIT message (in the
attached Wireshark log) has up to 21 Transform
Hi all,
I saw in ipsec.conf that nat_traversal configuration is only for IKEv1.
Why is it not configured in IKEv2? It should be optional, right? If I want to
disable NAT traversal in IKEv2, what should I do?
Thanks.
weiping deng wrote:
I initiate ping from HNB (192.168.253.88 --- virtual ip) to GW
(192.168.253.98- additional ip), but from tcpdump, I see:
Only the packages go through normal tunnel (172.19.2.118 - 172.19.2.247)
is ESP.
And
The packages go through virtual tunnel (192.168.253.88
Hello All,
We're grappling with an access-to-local-subnet-when-the-tunnel-is-up
problem.
After a tunnel is brought up, the routing table is thus:
*# ip route show*
192.168.50.0/24 dev eth0 proto kernel scope link src 192.168.50.154
default via 192.168.50.1 dev eth0
*# ip route show table 220*
Hello Graham,
this is a well-known problem when all Internet traffic is going to
be tunnelled via IPsec (rightsubnet=0.0.0.0/, i.e. no split-tunneling)
but local traffic should not go through the tunnel.
The correct way to handle this is to define a passthrough IPsec policy
for the local network
Hi Graham,
could you please post the output of
ip xfrm policy
Hi Andreas,
I guess that the problem is a different one.
Graham uses two different source IP addresses depending on whether the
traffic is destined for the local subnet or any other host on the Internet.
He uses 192.168.50.154 as