Thx, it is working now; my notebook antivirus was blocking ping requests. But how can I make the VPN server on host(a) accept any connection from dynamic IPs and mobile users? Thx
On 7/23/07, John Jackson <[EMAIL PROTECTED]> wrote:
Have you tried tcpdumping on the enc0 interface on both gateways to see what happens when pinging?

tcpdump -n -s 1600 -i enc0

Is there a firewall enabled on the non-responsive end hosts? I've seen recent versions of Windows block or drop ICMP echo requests, maybe some recent service pack release? I know our Windows admins swear they didn't do it themselves.

On Mon, Jul 23, 2007 at 04:40:40PM +0700, sonjaya wrote:
> thx daniel, I have followed the link and still get ping reply from
> pc(a) to pc(b), below my ipsec.conf and pf.conf
>
> in host(a)
> # cat /etc/ipsec.conf
> ike esp from 192.168.0.0/24 to 192.168.2.0/24 peer host(b)
> ike esp from host(a) to 192.168.2.0/24 peer host(b)
> ike esp from host(a) to host(b)
> #
> # cat /etc/pf.conf
> ext_if="xl0"
> int_if="xl1"
> set skip on { lo0 $int_if enc0 }
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> block in
> pass out keep state
> pass quick on $ext_if from host(b)
>
> in host(b)
> # cat /etc/ipsec.conf
> ike esp from 192.168.2.0/24 to 192.168.0.0/24 peer host(a)
> ike esp from host(b) to 192.168.0.0/24 peer host(a)
> ike esp from host(b) to host(a)
> #
>
> # cat /etc/pf.conf
> ext_if="xl0"
> int_if="xl1"
> set skip on { lo0 $int_if enc0 }
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> block in
> pass out keep state
> pass quick on $ext_if from host(a)
>
> I tried traceroute at both hosts
> #pc(b) to pc(a)
> c:\Document and Settings\User.notebook\tracert 192.168.0.4
> Tracing route to 192.168.0.4 over a maximun of 30 hops
>
> 1. <1ms <1ms <1ms 192.168.2.1
> 2. 2 ms 1 ms 1 ms host(b) [219.83.xx.xx]
> 3. 2 ms 1 ms 2 ms 192.168.0.4
>
> #pc(a) to pc(b)
> [EMAIL PROTECTED] root]# traceroute 192.168.2.12
> traceroute to 192.168.2.12 (192.168.2.12), 30 hops max, 38 byte packets
> 1 192.168.0.151 (192.168.0.151) 0.226 ms 0.181 ms 0.136 ms
> 2 host(b) (219.83.xx.xx) 1.742 ms 1.736 ms 1.591 ms
> 3 * *
>
> so where is it wrong, my pf / my ipsec ...?
>
> all fresh installed from obsd 4.1.
>
> On 7/23/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> >sonjaya wrote:
> >> http://www.openbsdsupport.org/vpn-ipsec.html
> >
> >Maybe you could also have a look at this nice presentation that shows
> >many changes done on OpenBSD.
> >
> >You can start here to see some OpenBSD suggestions, but you can look at it
> >all as well as it's nice. (;>
> >
> >http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00057.html
>
> --
> sonjaya
> http://sicute.blogspot.com
--
sonjaya
http://sicute.blogspot.com