From: hanzinter-tel.net
Date: Mon Jun 03 2002 - 12:00:46 CDT

    sounds like routing. I have always found tcpdump useful. use it on all
    involved interfaces. I would watch enc0 and fx0 for your icmp packets.
    you'll be able to see what happens to them then.

    you may have to nat things on the fx0 interface of the office host to
    get routing to work properly... just a guess.

    good luck.
    --H

    -----Original Message-----
    From: Jedi/Sector One [SMTP:jpureftpd.org]
    Sent: Friday, May 31, 2002 2:30 PM
    To: miscopenbsd.org
    Subject: Lost with IPsec

           Hello.

      I'm trying to set up a simple IPsec tunnel, but none of my tries did
    actually work.

      Here's the situation at the office :

    192.168.2.x (office private LAN) fx0                  fx1
    ------------------------------------[ My workstation ]-------- Internet
                            192.168.2.38                  1.2.3.4

      My workstation has two NICs, one for the private LAN, and another one
    on a public IP. It's running OpenBSD-current.

      Here's the situation at home :

    Internet ---------------[ My laptop ]
                         4.3.2.1

      That host is also running OpenBSD-current.

      What I'd like to do is to access any computer from the office private
    LAN from my home laptop.

      In an ideal world, my laptop would appear as 192.168.2.37 when
    accessing office hosts.

      I tried to use rc.vpn. The laptop rc.vpn script starts with:

    # Gateway adresses
    GW_LOCAL=4.3.2.1
    GW_PEER=1.2.3.4

    # Local and remote networks, numbered, syntax <network>/<mask>
    LOCAL_NET_0=192.168.2.37/255.255.255.255
    REMOTE_NET_0=192.168.2.0/255.255.255.0

      I properly created keys, ran the script with swapped addresses on the
    office workstation, etc. I was then able to ping 192.168.2.38 from the
    laptop, but all other hosts were unreachable.

      And yes, forwarding was enabled on 192.168.2.38 and there was no PF
    rule.

      Any hint?

    --
     __  /*-      Frank DENIS (Jedi/Sector One) <j42-Networks.Com>     -*\  __
     \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
      \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/