> > Looks like, but if you still can't ping, you still have an issue > somewhere :-) > > First, check that you now have ESP packets going out from your IPsec > gate when you try to ping. > > > Then, usual issues at that step are: > > - something on the way blocks ESP packets. Solution may be to force > NAT-T (add "nat_traversal force;" line in remote section). > > - IPsec peers has some filtering rules/ACLs which blocks your traffic > after IPsec. > > - Peer does not have a default route, or somethinng like that which > prevents it to reply to you. > > Anyways, the best tool now to see what happens is tcpdump.... on > peer's side !!!! >
When on one console i type tcpdump -i gif0 I don't receive any values! So I thing I should set route do it right? Can you tell me how to do it? netstat -rn print something like this: Destination Gateway Flags Refs Use Netif Expire default 78.x.x.x UGS 3 49544466 bce1 10.10.1.90 10.20.0.1 UH 2238 13439 gif0 Is it ok? or I do something wrong? Ralf _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
