OK, clever is not always good ;> I had tried to hardcode the udp port 500 and protocols 50/51 stuff in network.conf and ipchains.input, which apparently is not adequate?
When I turned on leftfirewall=yes, then it all works, again . . .

"Michael D. Schleif" wrote:
>
> Not sure what changed. This was working (many months) between these two
> (2) dcd gateways until I was testing for dcd--cisco vpn last night ;<
>
> Details are here -- shout if you want to see more:
>
> trout -- bluetrout :
> <http://www.helices.org/tmP/ipsec.txt>
>
> Basically, both sides' ipsec appear to be healthy and functional. In
> fact, bluetrout can do anything on trout network that we've tested.
>
> However, trout can ping bluetrout; but, trout *CANNOT* ping anything
> else on bluetrout network ;<
>
> Yes, tcpdump's are at that link.
>
> What do you think?

--

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
