Thx, it is working now; my notebook antivirus was blocking ping requests.
But how can I make the VPN server on host(a) accept any connection
from dynamic IPs and mobile users?
Thx
On 7/23/07, John Jackson <[EMAIL PROTECTED]> wrote:
Have you tried tcpdumping on the enc0 interface on both gateways to see
what happens when pinging?  tcpdump -n -s 1600 -i enc0

Is there a firewall enabled on the non-responsive end hosts?  I've seen
recent versions of Windows block or drop icmp echo requests, maybe some
recent service pack release?  I know our Windows admins swear they
didn't do it themselves.


On Mon, Jul 23, 2007 at 04:40:40PM +0700, sonjaya wrote:
> Thx Daniel, I have followed the link and still get ping reply from
> pc(a) to pc(b); below are my ipsec.conf and pf.conf
> in host(a)
> # cat /etc/ipsec.conf
> ike esp from 192.168.0.0/24 to 192.168.2.0/24 peer host(b)
> ike esp from host(a) to 192.168.2.0/24 peer host(b)
> ike esp from host(a) to host(b)
> #
> # cat /etc/pf.conf
> ext_if="xl0"
> int_if="xl1"
> set skip on { lo0 $int_if enc0 }
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> block in
> pass out keep state
> pass quick on $ext_if from host(b)
>
> in host(b)
> # cat /etc/ipsec.conf
> ike esp from 192.168.2.0/24 to 192.168.0.0/24 peer host(a)
> ike esp from host(b) to 192.168.0.0/24 peer host(a)
> ike esp from host(b) to host(a)
> #
>
> # cat /etc/pf.conf
> ext_if="xl0"
> int_if="xl1"
> set skip on { lo0 $int_if enc0 }
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> block in
> pass out keep state
> pass quick on $ext_if from host(a)
>
> i try traceroute at both host
> #pc(b) to pc(a)
> c:\Document and Settings\User.notebook\tracert 192.168.0.4
> Tracing route to 192.168.0.4 over  a maximun of 30 hops
>
> 1.  <1ms    <1ms   <1ms  192.168.2.1
> 2.  2 ms     1 ms  1 ms host(b) [219.83.xx.xx]
> 3.  2 ms     1 ms  2 ms 192.168.0.4
>
> #pc(a) to pc(b)
> [EMAIL PROTECTED] root]# traceroute 192.168.2.12
> traceroute to 192.168.2.12 (192.168.2.12), 30 hops max, 38 byte packets
> 1  192.168.0.151 (192.168.0.151)  0.226 ms  0.181 ms  0.136 ms
> 2  host(b) (219.83.xx.xx)  1.742 ms  1.736 ms  1.591 ms
> 3  * *
>
> So where is it wrong, my pf / my ipsec ...?
>
> All freshly installed from obsd 4.1.
>
>
>
>
> On 7/23/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> >sonjaya wrote:
> >> http://www.openbsdsupport.org/vpn-ipsec.html
> >
> >Maybe you could also have a look at this nice presentation that shows
> >many changes done on OpenBSD.
> >
> >You can start here to see some OpenBSD suggestions, but you can look at it
> >all as well, as it's nice. (;>
> >
> >http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00057.html
> >
>
>
> --
> sonjaya
> http://sicute.blogspot.com
>
>
>



--
sonjaya
http://sicute.blogspot.com
