
On Monday 18 August 2003 02:20, Brent Addis wrote:
> Hey.
>
> I'm having a few problems with freeswan 1.99, and an XP Roadwarrior using
> Marcus Müller's
> When I connect with the roadwarrior from local subnet (however outside the
> firewall), it works just fine.
> However when I try remotely, with the same machine, it doesn't.

I suspect it's your roadwarrior-inet2 connection.

It's fairly useless; when the firewall decrypts and forwards packets to 
machines on the 202.180.65.160/27 subnet, unless you've really played with 
the routing, responses will go out via the default gateway, *NOT* back to the 
Firewall and down the tunnel to the RW. 

Your observation that the Roadwarrior is fine when it's sitting on the 
202.180.65.160/27 (local) subnet also suggests that the roadwarrior-inet2 
conn is at fault. Even after a successful negotiation, the link local route 
to that subnet should take precedence, and IPsec processing would not get 
involved. Maybe the XP client is getting confused when a security gateway is 
included in one of its own IPsec subnet definitions?

Try removing this conn, see if it makes a difference. You could also use 
tcpdump on the gateway to see if it is actually receiving the "lost" ping 
requests.

- -- 
Sam Sgro
[EMAIL PROTECTED]


_______________________________________________
FreeS/WAN Users mailing list
[EMAIL PROTECTED]
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
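
The return-path reasoning in the reply above, as an added example that is not part of the original message: a longest-prefix-match lookup on a host inside 202.180.65.160/27 shows where its replies to the roadwarrior go. Every address except the /27 is constructed, and the layout (firewall and default gateway as separate hosts on that subnet) is an assumption taken from the reply's wording.

```python
import ipaddress

# Subnet from the thread; every address below is constructed for illustration.
LOCAL_NET = ipaddress.ip_network("202.180.65.160/27")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
FIREWALL = "202.180.65.161"    # assumed FreeS/WAN gateway address
DEFAULT_GW = "202.180.65.190"  # assumed separate default gateway
RW_REMOTE = "198.51.100.7"     # roadwarrior connecting from the Internet
RW_LOCAL = "202.180.65.170"    # same roadwarrior plugged into the /27
ON_LINK = "on-link"            # delivered directly, no router involved


def next_hop(routes, dst):
    """Return the next hop of the most specific route that covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_reaches_tunnel(routes, rw_ip):
    """True only if the reply is handed to the firewall, which can encrypt it."""
    return next_hop(routes, rw_ip) == FIREWALL


# Routing table of an ordinary host on the protected subnet.
host_routes = [(LOCAL_NET, ON_LINK), (DEFAULT, DEFAULT_GW)]

# "Played with" routing: a host route for the roadwarrior via the firewall.
fixed_routes = host_routes + [
    (ipaddress.ip_network(RW_REMOTE + "/32"), FIREWALL),
]

if __name__ == "__main__":
    for label, routes, rw in [
        ("remote RW, default routing", host_routes, RW_REMOTE),
        ("local RW, default routing", host_routes, RW_LOCAL),
        ("remote RW, route via firewall", fixed_routes, RW_REMOTE),
    ]:
        hop = next_hop(routes, rw)
        print(f"{label}: next hop {hop}, "
              f"via tunnel: {reply_reaches_tunnel(routes, rw)}")
```

The second case matches the observation in the thread: on the local subnet the link-local route wins, so replies arrive without IPsec processing being involved.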
