[Vpn-help] vpn-release-1.1 communicate with racoon problem

Zhao Tongyi zhaotongyi at gmail.com
Tue Nov 28 00:41:57 CST 2006


OK, I have found my foolish error.
Because my DMZ network is 192.168.1.0/24,
I set this in racoon.conf:
mode_cfg {
    network4 192.168.1.1;
}

so my WinXP box started up a virtual interface whose IP address is
192.168.1.1.

When the ESP packet arrived at the Linux box and the packet was unencapsulated, that
caused confusion, because my Linux box's DMZ interface is 192.168.1.1.

Now I set
mode_cfg {
    network4 192.168.50.1;
}

and then it works correctly.

Thanks to all, particularly Matthew. Thank you very much and best wishes,

2006/11/28, Matthew Grooms <mgrooms at shrew.net>:
>
> Zhao Tongyi wrote:
> > I have captured the ESP packets from my Linux box, so I think iptables
> > is working fine and has not blocked the ESP packets. Now my question is: I don't
> > know whether ipsec-tools unencapsulates incoming ESP packets and forwards
> > them to the other Ethernet card.
> >
>
> Zhao,
>
>      One other thing, ipsec-tools does not handle ESP processing. It
> only helps to negotiate crypto keys with a peer on behalf of the kernel.
> Once the keys are installed, the kernel handles all the ESP/AH/IPCOMP
> packet processing including tunnel mode encap/decap based on the
> information contained in SPD/SAD.
>
> Thanks,
>
> -Matthew
>



-- 
Best regards,

Tongyi ,Zhao