Hi,
Some thoughts on your trials:
> The machine that I have installed it on is a firewall machine, hiding a
> local LAN. I am using iptables (NAT).
>
> When I try the test suggested in the doc, using conn me-to-anyone, by using
> auto=route, I can ping oetest.freeswan.org and for example
> www.yahoo.com.au, from the linux box.
>
> When I go to a machine on the local LAN, I can still ping oetest.freeswan.org,
> but I can not ping www.yahoo.com.au.

Do these pings go out via ipsec0 or eth0? (tcpdump -i ipsec0)

> I made the necessary changes to my firewall config, basically allowing all
> traffic in/out on ipsec0 and adding MASQ for ipsec0 in the nat table.

I haven't read the example about oetest.freeswan.org, but usually you
must not masquerade traffic on ipsec. If you do, traffic could get
masqueraded before arriving at the ipsec interface and freeswan doesn't
know how to route.

What does the routing table look like? What does 'ipsec eroute' say? Have
you tried to turn on debugging?

Andreas
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST
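
Added example, not part of the original message or of FreeS/WAN: a check that reads `iptables-save` output and lists the nat-table POSTROUTING rules that would masquerade or SNAT traffic leaving through an ipsecN interface, the situation the reply warns about. The sample ruleset is constructed, and treating a rule with no `-o` match as affecting ipsec0 is an assumption of this example.

```python
import shlex

# Constructed iptables-save output (sample data, not from the original post).
SAMPLE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ipsec0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.10
-A POSTROUTING ! -o ipsec0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -o ipsec0 -j ACCEPT
COMMIT
"""

def out_interface(tokens):
    """Return (name, negated) for the -o match, or (None, False) if absent."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("-o", "--out-interface"):
            return tokens[i + 1], i > 0 and tokens[i - 1] == "!"
    return None, False

def names_ipsec(pattern, prefix="ipsec"):
    """True if an interface pattern ('ipsec0', 'ipsec+', 'ip+') covers ipsecN."""
    if pattern.endswith("+"):         # iptables wildcard: any name with this stem
        stem = pattern[:-1]
        return stem.startswith(prefix) or prefix.startswith(stem)
    return pattern.startswith(prefix)

def find_ipsec_nat(rules_text):
    """Return (reason, rule) pairs for nat POSTROUTING rules that rewrite ipsecN traffic."""
    findings, table = [], None
    for line in rules_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]          # start of a table section, e.g. "*nat"
            continue
        tokens = shlex.split(line)
        if table != "nat" or tokens[:2] != ["-A", "POSTROUTING"]:
            continue
        if "-j" not in tokens[:-1] or tokens[tokens.index("-j") + 1] not in ("MASQUERADE", "SNAT"):
            continue
        name, negated = out_interface(tokens)
        if name is None:
            findings.append(("no -o match: applies to every interface", line))
        elif names_ipsec(name) != negated:   # a negated match inverts the result
            findings.append((("! " if negated else "") + "-o " + name + " covers ipsecN", line))
    return findings
```

On a live firewall, pass the text printed by `iptables-save` to `find_ipsec_nat()` instead of `SAMPLE_RULES`.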