vpn trouble
ralf at dzie-ciuch.pl
ralf at dzie-ciuch.pl
Wed Jun 23 08:53:10 UTC 2010
>
> Looks like, but if you still can't ping, you still have an issue
> somewhere :-)
>
> First, check that you now have ESP packets going out from your IPsec
> gate when you try to ping.
>
>
> Then, usual issues at that step are:
>
> - something on the way blocks ESP packets. Solution may be to force
> NAT-T (add "nat_traversal force;" line in remote section).
>
> - IPsec peers has some filtering rules/ACLs which blocks your traffic
> after IPsec.
>
> - Peer does not have a default route, or somethinng like that which
> prevents it to reply to you.
>
> Anyways, the best tool now to see what happens is tcpdump.... on
> peer's side !!!!
>
When on one console i type tcpdump -i gif0 I don't receive any values!
So I thing I should set route do it right?
Can you tell me how to do it?
netstat -rn print something like this:
Destination Gateway Flags Refs Use Netif Expire
default 78.x.x.x UGS 3 49544466 bce1
10.10.1.90 10.20.0.1 UH 2238 13439 gif0
Is it ok? or I do something wrong?
Ralf
More information about the freebsd-net
mailing list