I have a problem with vpnd, or rather, it's a routing problem.
Vpnd initially uses tcp to connect, then sets up a slip link for encrypted traffic.

        200.300.400.501 nat -> 10.0.0.2
    +-- cisco -- firewall-vpn-gw --- clientnets: 10.{10. 11. 12. 13.}
    |   10.0.0.1   10.0.0.2
    |
    +---------- clientnet-vpn-gw ----- testclient
       20.30.40.51      10.15.0.1      10.15.0.5

Using option 'defaultroute' in vpnd.conf means that vpnd uses the system default route for the slip interface, which means that I can trace the slip interfaces from each vpnd-gateway to the other, but not to the local networks behind.

Given the following route -n listings, I need to add routes to those nets, but I can't seem to make it work (lack of routing experience..). Clearly, traffic going to either of the slip interfaces will end up going via the default route, and, in this case, end up at the internet.

Firewall-vpn-gw 'route -n':

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.2.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 eth2
    10.10.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 eth4
    10.3.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 eth3
    10.11.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 eth5
    10.1.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 eth1
    10.0.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 eth0
    10.30.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 sl0
    10.12.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 eth6
    10.13.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 eth7
    10.2.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth2
    10.3.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth3
    10.0.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
    10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth1
    10.10.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth4
    10.11.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth5
    10.12.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth6
    10.13.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth7
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0

Client-vpn-gw 'route -n':

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    20.30.40.51     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
    10.0.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 sl0
    10.30.0.1       0.0.0.0         255.255.255.255 UH    0      0        0 eth1
    20.30.40.50     0.0.0.0         255.255.255.240 U     0      0        0 eth0
    10.15.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         20.30.40.51     0.0.0.0         UG    0      0        0 eth0

--
Regards, Mr Dev - Mogens Valentin
http://www.mrdev.com - mrdev@danbbs.dk
OpenSource Security - Networking - Programming
Looking for a 2-3 room apartment, preferably from March 1
Renovation work to some extent can be offered
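
The routing behaviour described in the post can be checked offline with a longest-prefix-match lookup over the 'route -n' output. The script below is an added example, not part of the original post: it uses a subset of the firewall-vpn-gw rows quoted above, and the function names and the candidate 10.15.0.0/16 route via sl0 are assumptions made for illustration.

```python
import ipaddress

# Subset of the firewall-vpn-gw 'route -n' rows quoted in the post.
FIREWALL_VPN_GW = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.30.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 sl0
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth4
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
"""

def parse_routes(text):
    """Parse 'route -n' output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything malformed
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        routes.append((net, f[1], f[7]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def leaks(routes, dst, tunnel="sl0"):
    """True if dst would leave on anything other than the tunnel interface."""
    hit = lookup(routes, dst)
    return hit is None or hit[2] != tunnel

def with_route(routes, net, iface, gateway="0.0.0.0"):
    """Return a copy of the table with one extra (hypothetical) route."""
    return routes + [(ipaddress.ip_network(net), gateway, iface)]

if __name__ == "__main__":
    table = parse_routes(FIREWALL_VPN_GW)
    for dst in ("10.30.0.1", "10.15.0.5"):
        state = "outside tunnel" if leaks(table, dst) else "tunnel"
        print(dst, "->", lookup(table, dst)[2], state)
    fixed = with_route(table, "10.15.0.0/16", "sl0")  # candidate route, an assumption
    print("10.15.0.5 ->", lookup(fixed, "10.15.0.5")[2])
```

Running the same check against every remote subnet after a routing change shows whether any destination meant for the encrypted link still resolves to the default route.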