[leaf-user] ipsec tunnel pings OK; but *NO* app traffic ?!?!

Fri, 20 Jun 2003 12:50:33 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We thought that we had a successful tunnel between our side, with DCD
gateway and freeswan v1.91, and a client with a cisco router.  Both
sides successfully ping each other; but, the application on our side
cannot establish a tcp connection to the other side.

The only unusual thing we know about this vpn is that the _other_ side
will *not* allow private ip address traffic (RFC 1918/1627/1597); so, we
elected to go with a gateway<->subnet vpn setup.

Debugging this problem is complicated by the fact that our side must use
this application connection _outside_of_the_vpn_ several times per day,
until the vpn is working ;<

Furthermore, that information that you need to see is voluminous, and
somewhat private.  To that end, we shall post the greatest bulk of data
to this url:

        <http://helices.org/tmP/vpn-mcai-go.txt>

What do you think?


# rough network diagram

+---------------------+    +-----------------+
|                     |    |                 |
| 204.235.101.128/28  |<==>|  204.235.103.2  |
|                     |    |     gateway     |
+---------------------+    +-----------------+
            D                   C   ^
                                    |
                                    v
                                 INTERNET
                                 ========
                                    ^
      A                             |
+-----------+                   B   v
|           |              +------------------+
|  MASQ'd   |              |                  |
|  private  |------------->|  144.228.51.210  |
|  network  |              |     gateway      |
|           |              +------------------+
+-----------+


- -- 
Best Regards,

mds
mds resource
877.596.8237
- -
Dare to fix things before they break . . .
- -
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .
- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+82OoLUOEaCtUQpwRAtzjAJwMkdeo5sPaK8aqSVQAxYyPeZzmwgCfco3X
hlidzdasq+yKOZkzWlG8bjc=
=RzMu
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to