Hello Radek,

On 11/2/18 10:16 PM, Radek wrote:
>> I know this set-up to be working, as it is currently running here in production.
>
> Thank you for your response. Following your suggestion I removed the IP from enc0 and changed iked.conf as below:
>
> $ cat /etc/iked.conf
> dns1 = "8.8.8.8"
> dns2 = "8.8.4.4"
> ikev2 "roadWarrior" ipcomp esp \
>         from 0.0.0.0/0 to 0.0.0.0/0 \
>         local A.B.C.77 peer any \
>         srcid "/C=PL/ST=ZK/L=KL/O=PK/OU=test/CN=A.B.C.77/emailAddress=t...@123.com" \
>         config address 10.0.1.0/24 \
>         config netmask 255.255.255.0 \
>         config name-server $dns1 \
>         config name-server $dns2 \
>         config access-server A.B.C.77 \
>         config protected-subnet 0.0.0.0/0 \
>         tag "$id"
>
> It did not solve my problem. Clients from !A.B.C.0/23 still get 809 Error.

Your set-up is still a bit 'unclear', I would rather say you have a firewall/routing problem than an IPSec problem. Error 809 means no data received.

> I also tried another scenario: puffy_server <-> puffy_warrior
> The same. My warrior also cannot connect if it is !A.B.C.0/23 and VPN works fine for clients from A.B.C.0/23. Both machines are 6.3/i386.

Could you post your pf.conf? How do you connect to networks !A.B.C.0/23? Is your IPSec connection NATed?

Cheers
Kim
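For readers following the thread: the pf.conf below is an added illustration of the firewall side of an iked road-warrior set-up, not a configuration posted by Radek or Kim. It assumes em0 is the external interface carrying A.B.C.77 and takes the 10.0.1.0/24 pool from the iked.conf quoted above. The commented-out rule at the top is one mistake that would produce exactly the reported symptom (clients inside A.B.C.0/23 connect, everyone else sees error 809, because their IKE packets never reach iked); the active rules admit IKE, NAT-T and ESP/IPComp from any peer and NAT the full-tunnel clients out.

```pf
ext_if  = "em0"          # assumed external interface holding A.B.C.77
vpn_net = "10.0.1.0/24"  # 'config address' pool from iked.conf

set skip on lo

# Reassemble fragments before they are matched against the rules below
match in all scrub (no-df)

# Clients use protected-subnet 0.0.0.0/0 (full tunnel), so their traffic
# must be translated to the server address on the way out
match out on $ext_if from $vpn_net to any nat-to ($ext_if)

block log all

# WRONG (would give error 809 to every peer outside A.B.C.0/23, since
# its IKE_SA_INIT never arrives): restricting IKE to the local /23.
# pass in on $ext_if proto udp from A.B.C.0/23 to ($ext_if) port { 500, 4500 }

# IKEv2 (UDP 500) and NAT-Traversal (UDP 4500) from any road warrior
pass in on $ext_if proto udp from any to ($ext_if) port { 500, 4500 }

# Encrypted payloads; peers behind NAT arrive encapsulated on UDP 4500
# instead, which the rule above already covers
pass in on $ext_if proto { esp, ipcomp } from any to ($ext_if)

# Decrypted traffic appears on the enc0 pseudo-interface
pass on enc0 from any to any keep state (if-bound)

pass out on $ext_if
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; while a remote client retries, `tcpdump -ni em0 udp port 500 or udp port 4500` on the server shows whether IKE packets arrive at all, which separates a firewall or routing problem (nothing seen, matching Kim's reading of 809) from an IPsec negotiation problem (packets seen, exchange fails).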