IPsec FAQ correction... (fwd)

To: tech-net%NetBSD.org@localhost
Subject: IPsec FAQ correction... (fwd)
From: Mark Weinem <mark.weinem%alumni.uni-due.de@localhost>
Date: Wed, 13 Feb 2008 15:58:58 +0100 (CET)

Hi,

Please let me know if the change request below is okay (or how this should 
be handled).


Many thanks in advance & best regards, Mark


---------- Forwarded message ----------
[...]
------------------------------------------------------------
Subject: IPsec FAQ correction...


Hi,

On this page and section:

http://www.netbsd.org/docs/network/ipsec/index.html#sample_vpn

Configuration examples: IPsec VPN

# Note that routing should be set up in advance, i.e. for
this example:
#       route -n add -net 10.0.2.0 10.0.2.1
#       route -n add 10.0.2.1 10.0.1.1

There is a problem with this config that I tried, you can't
ping from one gateway to local adress of a computer on the
opposite LAN behind its gateway.  (but ping gateway to
gateway work).


Should be only one route like this:

route -n add -net 10.0.2.0 10.0.1.1

and it possible to ping anything... from anywhere on both LAN.

If you want, it's possible for me to send you all my test
config for site-site IPsec VPN.
------------------------------------------------------------

Prev by Date: Re: DHCP client with minimal functionality and size
Next by Date: wm(4) interrupt params [was: CVS commit: src/sys/dev/pci]
Previous by Thread: net80211 update
Next by Thread: wm(4) interrupt params [was: CVS commit: src/sys/dev/pci]
Indexes:

Home | Main Index | Thread Index | Old Index