You were right, part of my problem was that the system I tried to ping had no gateway whatsoever. Additionally I had some firewalling issues. I now made up a test-bed with FreeSwan on both sides to have a running connection which I then want to transfer to the LANCOM router. I reconfigured the firewalls on both sides to make sure that my packets are not hindered by them; i checked this by opening and closing them both repsectively. The tunnel itself seems to work; what I have left is still a routing issue.
My situation is now as follows : Pinging from the left side (dynamic IP) : pinging the right gateway and machines in the right subnet work Pinging from the right side (static IP) : no pings go through, regardless of firewall settings, forwarding is turned on (I suppose you mean /proc/sys/net/ipv4/ip_forward ?), the forward chain is "accept" when the firewall is open and still the packets never reach the ipsec interface on the right side (no increment in packet counts). I ping the left side with ping -I eth0 192.168.2.1 ; eth0 ist the card with the internal interface. I get answers like From 172.17.0.5 icmp_seq=2 Destination Host Unreachable which to my knowledge looks like a routing problem again ? My routing table on the right side looks as follows : Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface a.b.c.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 a.b.c.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0 192.168.2.0 a.b.c.134 255.255.255.0 UG 0 0 0 ipsec0 172.17.0.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 a.b.c.134 0.0.0.0 UG 0 0 0 eth1 (a.b.c.133 is the external IP of the gateway, a.b.c.134 is the static IP of a router sitting between the gateway and the internet). I cannot see anything strange here. tcpdumping on eth0 shows entries like arp who-has 192.168.2.1 tell testmachine but why should the gateway ask on the eth0 interface for this IP when it has a route into the network via a different interface ? Any help is appreciated. Yours, Jakob Curdes _______________________________________________ FreeS/WAN Users mailing list [EMAIL PROTECTED] https://mj2.freeswan.org/cgi-bin/mj_wwwusr
