> After making the RSA right, I restarted the ipsec service on both
> sides and then I tried to ping a machine on 192.168.1.x from the
> 192.168.9.x subnet, but the ping times out and there is nothing in
> auth.log or syslog suggesting a reason.
>
> Could you please suggest what I should look at now? I am including
> the log messages and the config files.
>
> BTW, both ends have dynamic IPs but they do not change for a long time.
> The left, leftnexthop, right and rightnexthop are extracted from the
> file /var/state/dhcp/dhclient.leases
Well, it looks like your tunnel is coming up, so I'd look at firewalling rules. The behavior you're seeing can be caused if protocol 50 packets are being denied or rejected by one (or both) of the firewalls. Since you're not setting [left|right]firewall=yes, you need to make sure you're allowing the ESP (protocol 50) packets between the firewalls.

Check /var/log/messages for denied packets, and the output of "net ipfilter list" for non-zero counts beside any deny/reject rules.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
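The check Charles describes (look for deny/reject rules with non-zero counters, and confirm ESP is actually allowed) is easy to script. The following is an added example, not code from the thread or from LEAF: it parses a chain listing in the `iptables -nvL` layout, which is an assumption standing in for the "net ipfilter list" output, over a constructed sample in which ESP (protocol 50) is being dropped.

```python
# Added example (not from the list thread). Finds why an IPsec tunnel that
# is "up" passes no traffic: ESP (IP protocol 50) hitting a deny rule.
# SAMPLE_LISTING is a CONSTRUCTED chain listing in `iptables -nvL` layout;
# the real "net ipfilter list" output is assumed to be similar (a packet
# counter beside each rule) but is not reproduced here.
import re

SAMPLE_LISTING = """\
Chain INPUT (policy DROP 12 packets, 960 bytes)
 pkts bytes target     prot opt in     out     source               destination
  318 24128 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
   57  8664 DROP       50   --  eth0   *       0.0.0.0/0            0.0.0.0/0
    4   256 REJECT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
"""

DENY_TARGETS = {"DROP", "REJECT", "DENY"}
ESP_NAMES = {"50", "esp"}          # iptables may print the number or the name

RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+")
CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets")

def parse_rules(listing):
    """Return (pkts, target, proto) for every counted rule line."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if m:
            pkts, _bytes, target, proto = m.groups()
            rules.append((int(pkts), target.upper(), proto.lower()))
    return rules

def policy_drops(listing):
    """(chain, policy, pkts) for chains whose default policy has fired."""
    hits = []
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m and m.group(2).upper() in DENY_TARGETS and int(m.group(3)) > 0:
            hits.append((m.group(1), m.group(2).upper(), int(m.group(3))))
    return hits

def esp_accepted(rules):
    """True if some rule explicitly accepts IP protocol 50 (ESP)."""
    return any(t == "ACCEPT" and p in ESP_NAMES for _, t, p in rules)

def hit_deny_rules(rules):
    """Deny/reject rules with a non-zero packet counter: the suspects."""
    return [(n, t, p) for n, t, p in rules if t in DENY_TARGETS and n > 0]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_LISTING)
    print("ESP explicitly accepted:", esp_accepted(rules))
    for n, target, proto in hit_deny_rules(rules):
        print(f"{target} proto={proto} matched {n} packets")
    for chain, pol, n in policy_drops(SAMPLE_LISTING):
        print(f"chain {chain} policy {pol} matched {n} packets")
```

IKE on UDP/500 being accepted while ESP is not is exactly the "tunnel negotiates but nothing flows" pattern; the script reports the DROP rule for protocol 50 and the default-policy drops as the things to look at.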