On 6/21/07, Phillip Hellewell <sshock@gmail.com> wrote:
On 4/24/07, Phillip Hellewell <sshock@gmail.com> wrote:

Thanks.  I think I may have got it almost working now.  The problem I am having now is when the remote side has two subnets.

The remote side has both 192.168.0.0/21 and 10.2.2.0/24 subnets.  If I start out by pinging something on the 192.168.0.0/21 subnet, I can thereafter ping anything on that subnet.  But if I then ping something on the 10.2.2.0/24 subnet I can thereafter only ping only on that subnet, and not on the 192.168.0.0/21 subnet anymore (until I bring down the vpn connections and start over).

tcpdump shows the echo reply coming all the way back to me.  I see the ESP and the decrypted ICMP packet.  But then it gets lost in the kernel or something.  Maybe I should try a newer kernel.  I've got 2.6.18.

root@sshock:/usr/src# ping 192.168.0.7
PING 192.168.0.7 (192.168.0.7) 56(84) bytes of data.

--- 192.168.0.7 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2009ms

Phillip