Hi!
Jeff Quast wrote:
you need to declare a bypass flow on the side of the network where the router,
presumably on 192.168.0.0/24 requires communication to the local network
segment also on 192.168.0.0/24. It is probobly trying to send this across the
tunneled wire, which won't reach its destination.
Create a bypass for flows from 192.168 to 192.168, like so:
flow esp from 192.168.0.0/24 to 192.168.0.0/24 type bypass
Coming to the office this morning i found out that all office's outgoing
traffic goes through my home gateway. It looks like IPSec created
default route for hosts in local network.
From the `netstat -rn`
Encap:
Source Port Destination Port Proto
SA(Address/Proto/Type/Direction)
default 0 192.168.0/24 0 0
77.109.17.213/esp/use/in
192.168.0/24 0 default 0 0
77.109.17.213/esp/require/out
192.168.0/24 0 192.168.0/24 0 0 none/esp/bypass/in
192.168.0/24 0 192.168.0/24 0 0 none/esp/bypass/out
Config file of the office's gateway:
flow esp from 192.168.0.0/24 to 192.168.0.0/24 type bypass
ike passive esp from 192.168.0.0/24 to any dstid [EMAIL PROTECTED] psk xxx
As i understand, the problem is in ``any'' keyword in second line. But
what it should be if peers IP is dynamic?
--
Alexey Vatchenko
http://www.bsdua.org
