> > > Do the samba servers need to communicate with each other? If so, the
> > > DCD gateways cannot ping each other, because they are concurrent with
> > > the gateway itself -- although, from anywhere else on the remote
> > > network, we can ping the opposite gateway by private address.
> >
> > This is a routing issue. The VPN connects the two private IP LANs.
> > Default traffic sent between the two VPN gateways will use a source IP of
> > the primary external interface, so the gateway-gateway packets don't match
> > your subnet-subnet tunnel. You can either build a gateway-gateway tunnel
> > for the samba traffic, or possibly send the gateway-gateway traffic through
> > the existing subnet-subnet tunnel via advanced routing.
>
> I give up!
>
> How do we accomplish either suggestion in your last sentence? What do
> we need to do?

The easiest is the first suggestion, build a gateway-gateway tunnel. To do this, simply clone your existing subnet-subnet ipsec configuration, and delete the [left|right]subnet sections. This will allow your two VPN gateways to talk to each other.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
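
What the cloned connection looks like next to the original, as an added example that is not part of the original message. It assumes a FreeS/WAN-style ipsec.conf; the conn names, addresses and subnets are constructed placeholders, and any authentication or nexthop lines in your existing conn are copied into the clone unchanged.

```conf
# Constructed example: conn names, IPs and subnets are placeholders.
# The same two conn sections go into ipsec.conf on both gateways.

# Existing subnet-subnet tunnel: only matches packets whose source and
# destination both fall inside the two private LANs.
conn lan-to-lan
    left=192.0.2.1              # external IP of gateway A
    leftsubnet=192.168.1.0/24   # private LAN behind gateway A
    right=198.51.100.1          # external IP of gateway B
    rightsubnet=192.168.2.0/24  # private LAN behind gateway B
    auto=start

# Clone of the conn above with the leftsubnet/rightsubnet lines deleted.
# With no subnet given, each end of the tunnel is the gateway's own
# address, so packets sourced from one gateway's external IP to the
# other's now match a tunnel instead of leaving unencrypted.
conn gw-to-gw
    left=192.0.2.1              # external IP of gateway A
    right=198.51.100.1          # external IP of gateway B
    auto=start
```

The clone needs its own conn name, and the gateways must address each other by the external IPs listed here for the traffic to match the new tunnel.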
