SUCCESS!! Adding the rightsubnet entry on both sides solved the problem. Now both internal nets can access each other.
Kjetil

> A simple configuration problem. You have specified a subnet-host connection, *NOT* a subnet-subnet connection.
> You are missing a rightsubnet=192.168.3.0/24 entry in both configuration files. Add this and your tunnel
> should begin working the way you want...note that all routing for the tunnels is done for you by IPSec, in
> general you should not have to manually add routes.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
>> I'm trying to set up a VPN from my home to the network at work. I'm
>> using DCD on firewalls at both ends, the difference being at the
>> home-end where I do not have a static IP. After much trying and
>> failing I'm at the point where I can issue an ipsec auto --up
>> Work-Home and get a connection up. As a side note, I had to manually
>> insert the ipchains command to allow proto 50/51 through at the home
>> end just before the deny all rule. Attempts in the network.conf file
>> like EXTERN_PROTO0="50 aaa.bbb.ccc.ddd/24" (and similar for proto 51)
>> do not work (could be some script problem). Any thoughts? Anyway,
>> sitting on the fw at home, I can ping machines in the internal net
>> behind the fw at work. But I cannot ping machines in the internal net
>> at home from the fw at work. This is probably some routing problem.
>> The internal ip-range at home is 192.168.3.0, at work it is
>> 192.168.1.0. I tried an: ip route add 192.168.3.0/24 via
>> aaa.bbb.ccc.ddd dev ipsec0 (aaa.bbb.ccc.ddd being the gateway we are
>> using at work (not the address of the fw)). This does not work. I've
>> included the connection sections below. Solutions anyone? (And as
>> detailed as possible, as I'm learning as I go ;)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
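The subnet-host versus subnet-subnet distinction from the reply above can be checked mechanically. This is an added example, not part of the original thread and not the poster's configuration: a small audit that classifies each `conn` section by which ends declare a protected subnet. The sample file is constructed; the `Work-Home-before` name, the 192.0.2.10 address, `right=%any` for the dynamic home end and the /24 mask on the work net are assumptions, and the parser is simplified (it does not follow `also=` or `include`).

```python
import re

# Constructed sample in FreeS/WAN ipsec.conf style. Only the two subnets come
# from the thread; 192.0.2.10 and the conn names are placeholders.
SAMPLE_CONF = """\
conn %default
    keyingtries=0

# before the fix: only the work-side subnet is declared
conn Work-Home-before
    left=192.0.2.10
    leftsubnet=192.168.1.0/24
    right=%any

# after the fix: both protected subnets are declared
conn Work-Home
    left=192.0.2.10
    leftsubnet=192.168.1.0/24
    right=%any
    rightsubnet=192.168.3.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}}, with conn %default values inherited."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and raw[0].isspace() and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # another section type, e.g. "config setup"
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **params} for name, params in conns.items()}

def audit(text):
    """Classify each conn by how many ends declare a protected subnet."""
    shapes = {0: "host-host", 1: "subnet-host", 2: "subnet-subnet"}
    return {name: shapes[sum(1 for s in ("left", "right") if p.get(s + "subnet"))]
            for name, p in parse_conns(text).items()}

if __name__ == "__main__":
    for name, shape in audit(SAMPLE_CONF).items():
        print(f"{name}: {shape}")
```

A conn reported as `subnet-host` only carries traffic between one internal net and the peer gateway itself, which matches the one-way ping behaviour described in the original question.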
