yhx have been working now , my notebook antivirus blocking ping request .
but how i can make the server vpn in host(a) can accepy any connection
from dynamic ip , and mobile user .
thx
On 7/23/07, John Jackson <[EMAIL PROTECTED]> wrote:
Have you tried tcpdumping on the enc0 interface on both gateways to see
what happens on when pinging? tcpdump -n -s 1600 -i enc0
Is there a firewall enabled on the non-responsive end hosts? I've seen
recent versions of Windows block or drop icmp echo requests, maybe some
recent service pack release? I know our Windows admins swear they
didn't do it themselves.
On Mon, Jul 23, 2007 at 04:40:40PM +0700, sonjaya wrote:
> thx daniel , i have follow the link and still get ping reply from
> pc(a) to pc(b) , below my ipsec.conf and pf.conf
> in host(a)
> # cat /etc/ipsec.conf
> ike esp from 192.168.0.0/24 to 192.168.2.0/24 peer host(b)
> ike esp from host(a) to 192.168.2.0/24 peer host(b)
> ike esp from host(a) to host(b)
> #
> # cat /etc/pf.conf
> ext_if="xl0"
> int_if="xl1"
> set skip on { lo0 $int_if enc0 }
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> block in
> pass out keep state
> pass quick on $ext_if from host(b)
>
> in host(b)
> # cat /etc/ipsec.conf
> ike esp from 192.168.2.0/24 to 192.168.0.0/24 peer host(a)
> ike esp from host(b) to 192.168.0.0/24 peer host(a)
> ike esp from host(b) to host(a)
> #
>
> # cat /etc/pf.conf
> ext_if="xl0"
> int_if="xl1"
> set skip on { lo0 $int_if enc0 }
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> block in
> pass out keep state
> pass quick on $ext_if from host(a)
>
> i try traceroute at both host
> #pc(b) to pc(a)
> c:\Document and Settings\User.notebook\tracert 192.168.0.4
> Tracing route to 192.168.0.4 over a maximun of 30 hops
>
> 1. <1ms <1ms <1ms 192.168.2.1
> 2. 2 ms 1 ms 1 ms host(b) [219.83.xx.xx]
> 3. 2 ms 1 ms 2 ms 192.168.0.4
>
> #pc(a) to pc(b)
> [EMAIL PROTECTED] root]# traceroute 192.168.2.12
> traceroute to 192.168.2.12 (192.168.2.12), 30 hops max, 38 byte packets
> 1 192.168.0.151 (192.168.0.151) 0.226 ms 0.181 ms 0.136 ms
> 2 host(b) (219.83.xx.xx) 1.742 ms 1.736 ms 1.591 ms
> 3 * *
>
> so where is wrong , my pf / my ipsect ...?
>
> all fresh installed from obsd 4.1 .
>
>
>
>
> On 7/23/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> >sonjaya wrote:
> >> http://www.openbsdsupport.org/vpn-ipsec.html
> >
> >May be you could also have a look at this nice presentation that show
> >many changes done on OpenBSD.
> >
> >You can start here to see some OpenBSD suggestions, but you can look it
> >all as well as it's nice. (;>
> >
> >http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00057.html
> >
>
>
> --
> sonjaya
> http://sicute.blogspot.com
>
>
> !DSPAM:1,46a479a0220011806319350!
>
>
--
sonjaya
http://sicute.blogspot.com
