On 08/25/2011 03:24 AM, Erich Titl wrote:
However, when I try to send an icmp echo request to the remote network I
see the packet coming from the configured virtual address, but
travelling in the clear, not in the tunnel. The reply though is sent
through the tunnel.
...
>
> s:policy-level:auto
> s:policy-list-include:172.29.0.0 / 255.255.0.0
>
Hi Erich,
Based on the source and destination of the plaintext traffic being
private addresses, obviously it's possible to reach from the Shrew
client PC to the remote network in some path other than the tunnel.
Perhaps that path (route) has a lower metric than the VPN route, and is
thus used instead of the tunnel route.
I would suggest connecting to the VPN, then checking your Shrew client's
routing table. Check to see if the route directing traffic to the
172.29.0.0 network through the tunnel interface has a lower metric than
any other route that might apply.
If you're not sure, feel free to post the routing table here and we can
look at it.
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
