
Re: problem with ipsec tunnel



On Tue, 28 Aug 2001 10:48:39 +0000 (GMT), webmind wrote:

> i'm trying to setup a secure ipsec tunnel between 2 openbsd gateways in a
> test setup. i followed the FAQ, read the man pages. and all should
> work.. isakmpd starts up fine, routes are created(2), /kern/ipsec
> contains SPIs, there is some isakmp traffic during startup of isakmpd,
> config looks ok, policy looks ok, route table looks ok..
> but when i try to send traffic from gateway 1 to the internal address of
> gateway2, gateway1 just sends the packets to its default router... and
> the packet never gets encrypted, and never gets to gateway2
> 
> anyone who can help me with this? i really would like to get this working.

Did you also use the _internal_ address of gateway1 as the source of your
traffic? Traffic from the external interface of the gateway itself won't
get encrypted if you configured isakmpd to protect the internal subnets
only. To test from the gateway, you can use the -I option of ping, for
example: ping -I internal_address_gw1 internal_address_gw2.

If that's not the issue, I suggest sending more information (config files,
output from 'cat /kern/ipsec' and 'netstat -rn -f encap'...).


Sincerely,

--
Ghislaine Labouret, Network security consultant
Hervé Schauer Consultants (HSC) - http://www.hsc.fr/
Phone (+33)-141-409-700 - Fax (+33)-141-409-709
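
Added example (not part of the original message): a simplified Python model of the point made in the reply, that a flow protecting only the internal subnets matches on both source and destination, so a packet sourced from the gateway's external address misses it. All addresses are constructed sample values, and the first-match lookup is an assumption of this model, not a description of the OpenBSD kernel.

```python
import ipaddress
from typing import NamedTuple, Optional


class Flow(NamedTuple):
    """Selector for one protected flow: src_net -> dst_net goes to peer."""
    src_net: ipaddress.IPv4Network
    dst_net: ipaddress.IPv4Network
    peer: ipaddress.IPv4Address


# Constructed sample topology (documentation/private ranges, not from the post).
GW1_EXTERNAL = "192.0.2.1"
GW1_INTERNAL = "10.1.0.1"
GW2_EXTERNAL = "198.51.100.1"
GW2_INTERNAL = "10.2.0.1"

# Policy as described in the reply: only the internal subnets are protected.
FLOWS = [
    Flow(ipaddress.ip_network("10.1.0.0/24"),
         ipaddress.ip_network("10.2.0.0/24"),
         ipaddress.ip_address(GW2_EXTERNAL)),
]


def match_flow(src: str, dst: str, flows=FLOWS) -> Optional[Flow]:
    """Return the first flow whose selector covers BOTH src and dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for flow in flows:
        if s in flow.src_net and d in flow.dst_net:
            return flow
    return None


def disposition(src: str, dst: str, flows=FLOWS) -> str:
    """Say what happens to a packet under this simplified model."""
    flow = match_flow(src, dst, flows)
    if flow is None:
        return "no flow match: sent in cleartext via the normal route table"
    return f"flow match: tunnelled to peer {flow.peer}"


def usable_test_sources(candidates, dst, flows=FLOWS):
    """Of the gateway's own addresses, which ones exercise the tunnel?"""
    return [src for src in candidates if match_flow(src, dst, flows)]


if __name__ == "__main__":
    for src in (GW1_EXTERNAL, GW1_INTERNAL):
        print(f"{src} -> {GW2_INTERNAL}: {disposition(src, GW2_INTERNAL)}")
```

In this model the external source address reproduces the symptom from the question (packet leaves unencrypted toward the default router), while the internal source address, as selected with ping -I, matches the flow.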