Thanks!
Ok I followed your procedure and I am getting this when I initiate the
tunnel from the Victoria side:

ipsec whack --initiate --name victoria
002 "victoria" #1: initiating Main Mode
104 "victoria" #1: STATE_MAIN_I1: initiate
106 "victoria" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "victoria" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "victoria" #1: Main mode peer ID is ID_IPV4_ADDR: '139.142.224.39'
002 "victoria" #1: ISAKMP SA established
004 "victoria" #1: STATE_MAIN_I4: ISAKMP SA established
002 "victoria" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
117 "victoria" #2: STATE_QUICK_I1: initiate
010 "victoria" #2: STATE_QUICK_I1: retransmission; will wait 20s for response


It never completes the tunnel. Can anyone please tell me what I am missing
here?

Thanks in advance!

Troy
-----Original Message-----
From: Lynn Avants [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 1:10 AM
To: Troy Aden; Leaf-User ([EMAIL PROTECTED])
Subject: Re: [leaf-user] IPSEC NAT traversal with shorewall HELP!

On Tuesday 25 November 2003 08:47 pm, Troy Aden wrote:
[...]
> My goal with this configuration is to have two networks linked via IPSEC. I
> would expect that all users from site A will be able to communicate with
> all users on site B "transparently" meaning that for all intents and
> purposes users on site A's internal network would be able to communicate
> with users from site B's internal network as if they were on the same LAN.
> If I am off base in how this works, please feel free to correct me.

DNS, WINS, and other forms of broadcast traffic will not work ideally across
the tunnel "transparently". For SMB networking, you'll likely have to link
PDC's and/or WIN servers on each subnet. There is some information on
this at http://leaf.sf.net/devel/guitarlynn/ipsec.txt
--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

