Re: [Users] shunt SA of Drop or no eroute.

From: Sam Sgro (sam_at_freeswan.org)
Date: Wed Oct 30 2002 - 22:36:00 CET



> ping is done from 10.1.2.x to 10.1.10.x (No, not from or to the gateway's IP
> in the corresponding private subnet, but from and to another machine)
>
> But I found out something else: The eroute which is supposed to be found is
> indeed [public IP GWA] --> [private subnet B] although the ping is NOT done
> from the gateway!

The subnet-to-subnet eroute should cover this ping; if klips is searching for
a gw->subnet eroute when you ping from subnet-to-subnet, then I'd predict the
packet is being rewritten before the ipsec interface sees it. What NAT rules
are you using?

Make sure that packets destined for 10.0.0.0/8 are exempt from masquerading.
Read this thread for more insight:

http://lists.freeswan.org/pipermail/useres/2002-August/012918.html

--
Sam Sgro
sam_at_freeswan.org





This archive was generated by hypermail 2.1.5 : Thu Oct 31 2002 - 05:20:35 CET
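
The masquerading exemption advised in the reply above can be checked offline against a saved nat table. The following is an added example, not part of the original message or of FreeS/WAN: the rule sets are constructed in iptables-save syntax, the host addresses are constructed inside the two subnets named in the thread, and 192.0.2.1 is a placeholder for the gateway's public IP.

```python
import ipaddress

# Constructed nat-table rules (iptables-save syntax), not from the original post.
MASQ_ONLY = """\
-A POSTROUTING -s 10.1.2.0/24 -j MASQUERADE
"""
WITH_EXEMPTION = """\
-A POSTROUTING -s 10.1.2.0/24 -d 10.0.0.0/8 -j ACCEPT
-A POSTROUTING -s 10.1.2.0/24 -j MASQUERADE
"""
# Exemption listed after the catch-all: it is never reached (first match wins).
WRONG_ORDER = """\
-A POSTROUTING -s 10.1.2.0/24 -j MASQUERADE
-A POSTROUTING -s 10.1.2.0/24 -d 10.0.0.0/8 -j ACCEPT
"""

def parse_rule(line):
    """Return (src_net, dst_net, target) for one POSTROUTING rule.
    Only plain -s/-d/-j options are handled; '!' negation is not."""
    tok = line.split()
    opts = dict(zip(tok[2::2], tok[3::2]))  # flag/value pairs after "-A CHAIN"
    def net(flag):
        return ipaddress.ip_network(opts.get(flag, "0.0.0.0/0"))
    return net("-s"), net("-d"), opts["-j"]

def postrouting_verdict(rules, src, dst):
    """Target of the first rule matching the packet, else ACCEPT (chain policy)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in rules.splitlines():
        if not line.startswith("-A POSTROUTING"):
            continue
        s_net, d_net, target = parse_rule(line)
        if src in s_net and dst in d_net:
            return target
    return "ACCEPT"

def source_after_nat(rules, src, dst, gw_public="192.0.2.1"):
    """Source address left on the packet once POSTROUTING has run.
    gw_public is a placeholder for the gateway's public address."""
    masq = postrouting_verdict(rules, src, dst) == "MASQUERADE"
    return gw_public if masq else src

if __name__ == "__main__":
    cases = [("masquerade only", MASQ_ONLY), ("exemption first", WITH_EXEMPTION),
             ("exemption last", WRONG_ORDER)]
    for name, rules in cases:
        print(name, "->", source_after_nat(rules, "10.1.2.5", "10.1.10.7"))
```

A result equal to the gateway's public address corresponds to the gw->subnet eroute lookup reported in the quoted text; the original 10.1.2.x source corresponds to the subnet-to-subnet eroute.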