Hello Radek,

On 11/2/18 10:16 PM, Radek wrote:
> Thank you for your response,
>
> Following your suggestion I removed IP from enc0 and changed iked.conf as below:
>
> $ cat /etc/iked.conf
> dns1 = "8.8.8.8"
> dns2 = "8.8.4.4"
> ikev2 "roadWarrior" ipcomp esp \
>           from 0.0.0.0/0 to 0.0.0.0/0 \
>           local A.B.C.77 peer any \
>           srcid "/C=PL/ST=ZK/L=KL/O=PK/OU=test/CN=A.B.C.77/emailAddress=t...@123.com" \
>           config address 10.0.1.0/24 \
>           config netmask 255.255.255.0 \
>           config name-server $dns1 \
>           config name-server $dns2 \
>           config access-server A.B.C.77 \
>           config protected-subnet 0.0.0.0/0 \
>           tag "$id"
>
> It did not solve my problem. Clients from !A.B.C.0/23 still get 809 Error.

I know this set-up to be working, as it is currently running here in production.

> I also tried another scenario: puffy_server <-> puffy_warrior
> The same. My warrior also cannot connect if it is !A.B.C.0/23 and the VPN works
> fine for clients from A.B.C.0/23.
> Both machines are 6.3/i386.

Your set-up is still a bit 'unclear', I would rather say you have a firewall/routing problem than an IPSec problem. Error 809 means no data received.

Could you post your pf.conf?
How do you connect to networks !A.B.C.0/23?
Is your IPSec connection NATed?

Cheers
Kim
