-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Tibbs, Richard wrote:
| Charles, | Unbelievably long time getting back to this, but ipsec look yields: | firewall: -root- | # ipsec look | firewall Thu May 5 09:21:55 UTC 2005 | ipsec0->eth0 mtu=16260(1500)->1500 | ================================================== | 216.x.y.64/26 dev eth0 proto kernel scope link src 216.x.y.89 | 216.x.y.64/26 dev ipsec0 proto kernel scope link src 216.x.y.89 | default via 216.x.y.65 dev eth0 | | firewall: -root- | | Anything wrong with the above? Eth0 is external, to ISP.
Yeah...you're missing a whole lot of info that would typically indicate your tunnels are up (see an example from my system, below my sig).
I suspect you don't have your configuration files setup correctly, and am wondering if you even have any valid connection descriptions loaded (you typically see *SOMETHING* in ipsec look, even if a tunnel is currently down).
Can you provide the output of "ipsec barf" (be patient, it takes a while)?
- -- Charles Steinkuehler [EMAIL PROTECTED]
tempest: -root- # ipsec look tempest Wed May 4 14:53:51 UTC 2005 0 10 28 0 019:0:10.34.1.0/24:0 -> 10.28.0.0/19:0 => [EMAIL PROTECTED]:0 (709) 0 10 34 2 024:0:10.34.1.0/24:0 -> 10.34.2.0/24:0 => %trap:0 (0) 0 10 48 1 024:0:10.34.1.0/24:0 -> 10.48.1.0/24:0 => [EMAIL PROTECTED]:0 (0) ipsec0->eth0 mtu=16260(1443)->1500 [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=65.16.44.210 iv_bits=64bits iv=0xed3402d8cd6ef262 ooowin=64 seq=709 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(131832,0,0)addtime(9705,0,0)usetime(9639,0,0)packets(709,0,0) idle=107 [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=207.235.86.252 iv_bits=64bits iv=0x91d74f39045ad270 ooowin=64 seq=652 bit=0xffffffffffffffff alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(97668,0,0)addtime(9705,0,0)usetime(9639,0,0)packets(652,0,0) idle=107 [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=24.221.61.204 iv_bits=64bits iv=0xf07f141ca5d7d319 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(3021,0,0) [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=65.16.44.210 iv_bits=64bits iv=0x2e1d1d44419ceb9f ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(3021,0,0) [EMAIL PROTECTED] IPIP: dir=in src=207.235.86.252 life(c,s,h)=bytes(97668,0,0)addtime(9705,0,0)usetime(9639,0,0)packets(652,0,0) idle=107 [EMAIL PROTECTED] IPIP: dir=out src=65.16.44.210 life(c,s,h)=bytes(107482,0,0)addtime(9705,0,0)usetime(9639,0,0)packets(709,0,0) idle=107 [EMAIL PROTECTED] IPIP: dir=in src=24.221.61.204 life(c,s,h)=addtime(3021,0,0) [EMAIL PROTECTED] IPIP: dir=out src=65.16.44.210 life(c,s,h)=addtime(3021,0,0) ================================================== 65.16.44.209 dev eth0 scope link 65.16.44.208/28 dev eth0 proto kernel scope link src 65.16.44.210 65.16.44.208/28 dev ipsec0 proto kernel scope link src 65.16.44.210 10.48.1.0/24 via 65.16.44.209 dev ipsec0 10.34.2.0/24 via 65.16.44.209 dev ipsec0 10.28.0.0/19 via 65.16.44.209 dev ipsec0 default via 65.16.44.209 dev eth0
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFCeo6MLywbqEHdNFwRAi8PAJ91d+/6MMvQ97vXmmZf0fWxmQk0KwCfehvy uteZMvkNKktBcQ/hypBc9o8= =BbmK -----END PGP SIGNATURE-----
------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 ------------------------------------------------------------------------ leaf-user mailing list: [email protected] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
