On Tue, Sep 07, 2004 at 12:52:52PM +0200, Vik Heyndrickx wrote:
>
> left subnet                          "public" network                      right subnets
> 10.111.111.0/24                      192.168.77.0/24                       10.222.222.0/24
>                                                                            10.222.223.0/24
> +------------+     +-----------------------------+     +---------------------------+     +--------------+
> | left host  |     |        left gateway         |     |       right gateway       |     |  right host  |
> |       eth0 |-----| eth1                   eth0 |-----| eth0                 eth1 |-----| eth0         |
> |10.111.111.1|     |10.111.111.254 192.168.77.127|     |192.168.77.128 10.222.222.1|     |10.222.222.254|
> |            |     |                             |     |               10.222.223.1|     |10.222.223.254|
> +------------+     +-----------------------------+     +---------------------------+     +--------------+
>
>                   IPSEC tunnel
> 10.111.111.0/24 ================ 10.222.222.0/24
>                   IPSEC tunnel
> 10.111.111.0/24 ================ 10.222.223.0/24
>
> If both tunnels are up, I can ping from left host to 10.222.223.254, but NOT to 10.222.222.254.

Can you ping 10.222.222.1 from the left host?

Please show me the output of setkey -PD and setkey -D. I'd also like
to see the output of ip ro ls cache just while you're doing a failed
ping.

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt