On Thursday 13 March 2003 13:33, Junge, Stefan wrote:
Hi,
I solved the problem. In my conn Roadwarrior I have changed the value for network=both to network=lan.
Now ipsec on my w2k client starts without errors.
How can I test the vpn tunnel ? I have made a tcpdump -n -i ipsec0 on my gateway and a ping from my client to the gateway. The ping works fine, but there were no packets detected with tcpdump. You should see the decoded packets on ipsec0 (if that is your tunnel if) and the encrypted packets with proto 50 on eth0 (if that is your lan if).
On the linux side you can use "ipsec look" to check if there is a tunnel, and you could turn on logging, e.g. with plutodebug="emitting parsing control" in /etc/ipsec.conf (restart ipsec after that) On the w2k side you can use "ipsecmon" to check if there is a tunnel. Andreas Baetz