[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question about ipsec

To: Nicholas Janzen <nick@telin.com>
Subject: Re: Question about ipsec
From: Hakan Olsson <ho@crt.se>
Date: Tue, 1 May 2001 22:37:25 +0200 (MET DST)
Cc: <misc@openbsd.org>

It's a bit hard to tell using the information you supplied, but here's a
few thoughts...

First, did you remember to switch the SPI numbers on one of the sides? If
one side "sends" using SPI 1000, the other side should "send" using
another SPI (separate SAs...).

Then, if the above is not the problem, does it work if you disable IPF?

(I assume you've turned on IP forwarding?)

Does 'netstat -p esp' tell you anything of interest? Which numbers
increase when you try to send traffic across the VPN?

Also, if you haven't already, vpn(8) makes good reading...

/H

--
Håkan Olsson <ho@crt.se>        (+46) 708 437 337     Carlstedt Research
Unix, Networking, Security      (+46) 31 701 4264        & Technology AB

References:
- Question about ipsec
  - From: Nicholas Janzen <nick@telin.com>

Prev by Date: Re: What cvsup tag?
Next by Date: Re: files in install tarballs
Prev by thread: Question about ipsec
Next by thread: Re: Fell in a friggin' hole
Index(es):
- Date
- Thread