Make sure you have routes to the given subnets in the routing table
as well.

The way networking and IPSec work together on OpenBSD is a two-step
process:

1) is there a routing table entry? if yes, go to step 2 (but do not use it)

2) is there an IPSec flow that matches? if yes, use the IPSec flow

3) if no IPSec flow, use the routing table entry

Note that step 2 is not reached if there is no routing table entry.

FWIW.

Penned by Axel Rau on 20110307  4:36.27, we have:
| 
| Am 07.03.2011 um 04:28 schrieb Todd T. Fries:
| 
| >Note that enc(4) and thus ipsec(4) never sees traffic that does not
| >precisely match your flows.
| Yes, both LANs represent the /64s shown in the flows.
| 
| Axel
| ---
| PGP-Key:29E99DD6  ??? +49 151 2300 9283  ??? computing @ chaos claudius

-- 
Todd Fries .. [email protected]

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| 2525 NW Expy #525, Oklahoma City, OK 73112  \  sip:[email protected]
| "..in support of free software solutions."  \  sip:[email protected]
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                 
              37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                        http://todd.fries.net/pgp.txt
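
The lookup order described in this message, modelled as an added Python example (not part of the original post and not OpenBSD code). The prefixes are constructed from the 2001:db8::/32 documentation range, and the function names and result labels are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation prefix 2001:db8::/32).
LAN_A = "2001:db8:a::/64"
LAN_B = "2001:db8:b::/64"
FLOWS = [(LAN_A, LAN_B)]          # one outbound flow: LAN A -> LAN B


def find_route(routes, dst):
    """Longest-prefix match of dst against the routing table, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, routes) if addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)


def find_flow(flows, src, dst):
    """First flow whose source and destination networks both match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net in flows:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return (src_net, dst_net)
    return None


def decide(routes, flows, src, dst):
    """Apply the order from the message: route first, then flow, then route."""
    if find_route(routes, dst) is None:
        return "unreachable"      # step 1 fails: flows are never consulted
    if find_flow(flows, src, dst) is not None:
        return "ipsec"            # step 2: a matching flow is used, not the route
    return "routed"               # step 3: no flow, fall back to the route


if __name__ == "__main__":
    src, dst = "2001:db8:a::10", "2001:db8:b::20"
    # Flow exists but the table only holds the connected LAN: no tunnel traffic.
    print("connected route only:", decide([LAN_A], FLOWS, src, dst))
    # Any covering route (here a default) lets the flow lookup happen.
    print("with default route:  ", decide([LAN_A, "::/0"], FLOWS, src, dst))
    # Destination outside the flow's /64 leaves in the clear via the route.
    print("outside the flow:    ", decide([LAN_A, "::/0"], FLOWS, src, "2001:db8:c::1"))
```
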
