Re All:
Thanks to help from various people (mainly Aaron Segura), I've gotten
ISAKMPD partly working; I'm able to ping from the internal IP on one box to
the internal IP on the other, and tcpdump shows the ESP packets and the echo replies.
However, I can't ping from the internal IP on one box to a machine behind the
other, or from one box behind a VPN firewall to another box, or from one box
to a remote VPN's internal IP.
Obviously something is amiss here; for starters, I'm showing 7 routes on
both boxes ... IIRC I should see 4 total.
The routes on one machine (Goldfish) show as this [consider 1.1.1 as
Goldfish's class C, 2.2.2 as Trout's]:
(192.168.2.0 is behind Trout, 192.168.109 is behind Goldfish)
Encap:
Source          Port  Destination     Port  Proto  SA(Address/Proto/Type/Direction)
2.2.2.228/32    0     1.1.1.204/32    0     0      2.2.2.228/50/require/in
2.2.2.228/32    0     192.168.2/24    0     0      2.2.2.228/50/require/in
2.2.2.228/32    0     192.168.109/24  0     0      2.2.2.228/50/require/in
192.168.2/24    0     192.168.109/24  0     0      2.2.2.228/50/require/in
192.168.109/24  0     192.168.2/24    0     0      2.2.2.228/50/require/in
192.168.2/24    0     192.168.109/24  0     0      2.2.2.228/50/require/out
192.168.109/24  0     192.168.2/24    0     0      2.2.2.228/50/require/out
I really need to get this resolved today as I have a manager breathing down
my neck on it; any and all assistance would be welcome. (All our production
firewalls are OpenBSD; getting this VPN working would put OpenBSD in
another niche in our firm, which IMHO is a good thing(tm).)
-Brendan W. McAdams
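As an added example (not part of the post, and not OpenBSD or isakmpd code), the script below parses an Encap routing table in exactly the layout pasted above, rejoins the rows whose SA column wrapped onto the next line in the mail, and reports which flows have no counterpart in the reverse direction. The working assumption, stated in the code, is that a net-to-net tunnel should show each network pair once as an "in" flow and once as an "out" flow against the same SA peer; flows that fail that check are where to look first when host-to-host pings work but traffic to the networks behind the gateways does not. The sample table is copied from the post; the function and field names are the example's own.

```python
# Added example (not part of the original post): parse an OpenBSD "Encap"
# routing table in the layout pasted above and check each flow for a
# counterpart in the reverse direction. Assumption (this example's, not
# the post's): a healthy net-to-net tunnel shows each network pair once as
# an "in" flow and once as an "out" flow, with the same SA peer on both.
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Copied from the post above, including the rows whose SA column wrapped
# onto the following line when the mail was sent.
SAMPLE_TABLE = """\
Encap:
Source Port Destination Port Proto
SA(Address/Proto/Type/Direction)
2.2.2.228/32 0 1.1.1.204/32 0 0 2.2.2.228/50/require/in
2.2.2.228/32 0 192.168.2/24 0 0 2.2.2.228/50/require/in
2.2.2.228/32 0 192.168.109/24 0 0 2.2.2.228/50/require/in
192.168.2/24 0 192.168.109/24 0 0
2.2.2.228/50/require/in
192.168.109/24 0 192.168.2/24 0 0
2.2.2.228/50/require/in
192.168.2/24 0 192.168.109/24 0 0
2.2.2.228/50/require/out
192.168.109/24 0 192.168.2/24 0 0
2.2.2.228/50/require/out
"""


@dataclass(frozen=True)
class Flow:
    src: str
    sport: str
    dst: str
    dport: str
    proto: str
    sa: str  # e.g. "2.2.2.228/50/require/in": peer/IP proto/type/direction

    @property
    def direction(self) -> str:
        return self.sa.rsplit("/", 1)[-1]  # "in" or "out"

    @property
    def peer(self) -> str:
        return self.sa.split("/", 1)[0]  # SA peer address


def parse_encap_table(text: str) -> List[Flow]:
    """Parse the table as pasted; a 5-field row is a row whose SA column
    wrapped, so it is joined with the next line before being accepted."""
    flows: List[Flow] = []
    pending: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Encap", "Source", "SA(")):
            continue  # banner and header lines carry no flow
        fields = pending + line.split()
        pending = []
        if len(fields) == 5:
            pending = fields  # SA column is on the next line
            continue
        if len(fields) != 6:
            raise ValueError(f"unparseable row: {line!r}")
        flows.append(Flow(*fields))
    if pending:
        raise ValueError("table ended with an incomplete row")
    return flows


def direction_counts(flows: List[Flow]) -> Dict[str, int]:
    """How many flows point each way; a lopsided count is a quick warning sign."""
    return dict(Counter(f.direction for f in flows))


def flows_between(flows: List[Flow], net_a: str, net_b: str) -> List[Flow]:
    """All flows whose endpoints are exactly the two given networks."""
    pair = {net_a, net_b}
    return [f for f in flows if {f.src, f.dst} == pair]


def unpaired_flows(flows: List[Flow]) -> List[Flow]:
    """Flows with no reverse counterpart (dst->src, opposite direction, same peer)."""
    have = {(f.src, f.dst, f.direction, f.peer) for f in flows}
    missing = []
    for f in flows:
        reverse = "out" if f.direction == "in" else "in"
        if (f.dst, f.src, reverse, f.peer) not in have:
            missing.append(f)
    return missing


if __name__ == "__main__":
    table = parse_encap_table(SAMPLE_TABLE)
    print("flows:", len(table), "by direction:", direction_counts(table))
    print("net-to-net flows:", len(flows_between(table, "192.168.2/24", "192.168.109/24")))
    for f in unpaired_flows(table):
        print("no reverse flow for", f.src, "->", f.dst, f.sa)
```

Run against the pasted table it reports seven flows (five in, two out), four flows between the two internal networks, and three flows with no reverse counterpart, all of them the ones whose source is the peer's own address rather than a network. Feed it the output from the other gateway as well and compare the two reports before changing the configuration.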