I have a simple setup. Sydney to Melbourne and the ipsec.conf is one of the nice easy ones whilst I learn to do more complex setups. It has been working for months.
Today doing "ipsecctl -s all" at either end generates the expected output. Each is a mirror of the other. netstat -rnf encap shows expected output at both ends. Again mirrors of the other.

However sshing into each and doing a traceroute to t'other end gives madly asymmetric results. With the distant gateway as the target Syd gets to Mel in one hop, as expected. Mel gets to Syd going out the $ext_if rather than the encap. As the LANs are RFC1918s Mel cannot get to Syd but Syd can get to Mel.

Killing (desperation set in) isakmpd and restarting both ends did nothing to change the situation.

What kind of diagnostics can I use to debug this? Extra points for a correct guess as to the cause all this time after installation.

Thanks,
Rod.

From the land "down under": Australia.
Do we look <umop apisdn> from up over?