Re: [Users] Ping gw internal iface

From: Philip Burrow (phil.burrow_at_blueyonder.co.uk)
Date: Tue Sep 10 2002 - 18:46:51 CEST


> On Mon, 9 Sep 2002, Philip Burrow wrote:
>
> > to be able to ping the internal interface of each gateway (10.0.0.1 and
> > 10.0.1.1).
> >
> > Should I be able to with one subnet-to-subnet tunnel, given that both
> > gateways are included in the subnet definition for that tunnel?
>
> Yes, if your application can bind to the inside IP. Most daemons can. Most
> versions of traceroute and ping support it too (with -I or -s). You can also
> use the "ip route change" command to force Linux to select the inner IP as
> 'default'.

Well, I can't ping these IPs at the moment (but can ping any other IPs on
their subnets), but if I should be able to, as you and Steve Bevan have said,
then it's obviously something I've done which is stopping it working. Next
question is, should I be able to ping the external IPs *at all* from
anywhere on my subnets or from the gateways? Because I can't whilst ipsec is
running.

> > I have done a tcpdump and it shows the echo requests coming in on ipsec0
> > (I've tried pinging both ways and get the same) but shows no reply going
> > out. Is this a FreeSWAN issue at all? Do I need to set up 4 tunnels to
> > cover the combinations of subnets to gateways?
>
> You're likely pinging with the public IP. If not, something else is wrong.
> Perhaps rp_filter settings.

rp_filter is 0 at both ends afaik. Does it need to be changed for the
internal NICs as well?

Phil
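
An added example, not part of the original message: Linux keeps rp_filter per interface under /proc/sys/net/ipv4/conf/<iface>/rp_filter, so this sketch lists the value for every interface entry (ipsec0 and the internal NICs included) instead of checking one. The function names and the optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# rp_filter_report [CONF_DIR]
# Prints "<iface> <value>" for every interface entry under CONF_DIR
# (default: /proc/sys/net/ipv4/conf) and returns non-zero if any entry
# has reverse-path filtering switched on (a value other than 0).
rp_filter_report() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for f in "$conf_dir"/*/rp_filter; do
        # Skip the unexpanded glob or unreadable entries.
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        value=$(cat "$f")
        printf '%s %s\n' "$iface" "$value"
        [ "$value" = "0" ] || rc=1
    done
    return $rc
}

# rp_filter_enabled [CONF_DIR]
# Prints only the names of the entries where rp_filter is not 0,
# one per line. Prints nothing when it is off everywhere.
rp_filter_enabled() {
    rp_filter_report "${1:-}" | while read -r iface value; do
        [ "$value" = "0" ] || printf '%s\n' "$iface"
    done
}

# Stand-alone run: report on the live system (or on the directory
# given as the first argument) and say so if anything is still on.
rp_filter_report "${1:-}" || echo "rp_filter is enabled on at least one interface"
```

The "all" and "default" entries are listed alongside the real interfaces because they sit in the same directory.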

This archive was generated by hypermail 2.1.4 : Wed Sep 11 2002 - 05:19:58 CEST