Thank you in advance. My name is MiwaYoneda.

    Win2k (192.168.2.102)
      |
    eth0 (192.168.2.2)  RedHat9  ppp0
      |
    ADSL modem
      |   (↑ office side)
      |
     WAN
      |
      |   (↓ home side)
    ADSL modem
      |
    ppp0  RedHat9  eth0 (192.168.0.1)
      |
    Win2k (192.168.0.89)

With the layout above, I would like to set up an IPsec tunnel between the office and my home.

    # uname -a
    Linux hoge.co.jp 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux

After confirming the kernel version this way, I downloaded and installed

    freeswan-module-2.01_2.4.20_8-0.i386.rpm
    freeswan-userland-2.01_2.4.20_8-0.i386.rpm

from ftp://ftp.xs4all.nl/pub/crypto/freeswan/binaries/RedHat-RPMs/2.4.20-8/ .

In what follows I will write:

    ppp0 address of jitaku.ddyn.net  ... hhh.hhh.hhh.hhh
    P-t-P address of jitaku.ddyn.net ... xxx.xxx.xxx.xxx
    ppp0 address of jimusho.ddyn.net  ... ooo.ooo.ooo.ooo
    P-t-P address of jimusho.ddyn.net ... yyy.yyy.yyy.yyy

Home side (jitaku):

    [root@xxxxxxxxxxxxxxx]# grep -v ^# /etc/ipsec.conf
    version 2.0     # conforms to second version of ipsec.conf specification

    config setup
        interfaces="ipsec0=ppp0"
        klipsdebug=none
        plutodebug=none

    conn %default
        type=tunnel
        keyingtries=10
        authby=rsasig
        keylife=1h
        pfs=yes

    conn jitaku-to-jimusho
        left=hhh.hhh.hhh.hhh
        leftsubnet=192.168.0.0/24
        leftid=@xxxxxxxxxxxxxxx
        leftrsasigkey=0sAQP…pA9VU9
        leftnexthop=xxx.xxx.xxx.xxx
        right=ooo.ooo.ooo.ooo
        rightsubnet=192.168.2.0/24
        rightid=@xxxxxxxxxxxxxxxx
        rightrsasigkey=0sAQN7…6IXIn
        rightnexthop=yyy.yyy.yyy.yyy
        auto=add

    conn block
        auto=ignore
    conn private
        auto=ignore
    conn private-or-clear
        auto=ignore
    conn clear-or-private
        auto=ignore
    conn clear
        auto=ignore
    conn packetdefault
        auto=ignore

    [root@xxxxxxxxxxxxxxx]# grep -v ^# /etc/ipsec.secrets
    hhh.hhh.hhh.hhh ooo.ooo.ooo.ooo : PSK "qom3TSCN"

    : RSA {
        # RSA 2192 bits   jitaku.ddyn.net   Mon Sep 8 16:30:37 2003
        # for signatures only, UNSAFE FOR ENCRYPTION
        #pubkey=0sAQ…A9VU9
        :
        (remainder omitted)
        :

Office side (jimusho):

    [root@xxxxxxxxxxxxxxxx]# grep -v ^# /etc/ipsec.conf
    version 2.0     # conforms to second version of ipsec.conf specification

    config setup
        interfaces="ipsec0=ppp0"
        klipsdebug=none
        plutodebug=none

    conn %default
        type=tunnel
        keyingtries=0
        authby=rsasig
        keylife=1h
        pfs=yes

    conn jitaku-to-jimusho
        left=ooo.ooo.ooo.ooo
        leftsubnet=192.168.2.0/24
        leftid=@xxxxxxxxxxxxxxxx
        leftrsasigkey=0sAQN…6IXIn
        leftnexthop=yyy.yyy.yyy.yyy
        right=hhh.hhh.hhh.hhh
        rightsubnet=192.168.0.0/24
        rightid=@xxxxxxxxxxxxxxx
        rightrsasigkey=0sAQP…9VU9
        rightnexthop=xxx.xxx.xxx.xxx
        auto=add

    conn block
        auto=ignore
    conn private
        auto=ignore
    conn private-or-clear
        auto=ignore
    conn clear-or-private
        auto=ignore
    conn clear
        auto=ignore
    conn packetdefault
        auto=ignore

    [root@xxxxxxxxxxxxxxxx]# grep -v ^# /etc/ipsec.secrets
    ooo.ooo.ooo.ooo hhh.hhh.hhh.hhh : PSK "qom3TSCN"

    : RSA {
        # RSA 2192 bits   jimusho.ddyn.net   Thu Sep 4 21:06:29 2003
        # for signatures only, UNSAFE FOR ENCRYPTION
        #pubkey=0sAQN…IXIn
        :
        (remainder omitted)
        :

That is how each side is written.

Incidentally, when I tried commenting out nexthop, I got this error:

    [root@xxxxxxxxxxxxxxx]# ipsec auto --up jitaku-to-jimusho
    104 "jitaku-to-jimusho" #8: STATE_MAIN_I1: initiate
    106 "jitaku-to-jimusho" #8: STATE_MAIN_I2: sent MI2, expecting MR2
    108 "jitaku-to-jimusho" #8: STATE_MAIN_I3: sent MI3, expecting MR3
    004 "jitaku-to-jimusho" #8: STATE_MAIN_I4: ISAKMP SA established
    112 "jitaku-to-jimusho" #9: STATE_QUICK_I1: initiate
    003 "jitaku-to-jimusho" #9: route-client command exited with status 7
    032 "jitaku-to-jimusho" #9: STATE_QUICK_I1: internal error
    010 "jitaku-to-jimusho" #9: STATE_QUICK_I1: retransmission; will wait 20s for response
    003 "jitaku-to-jimusho" #9: route-client command exited with status 7
    032 "jitaku-to-jimusho" #9: STATE_QUICK_I1: internal error
    003 "jitaku-to-jimusho" #9: route-client command exited with status 7
    032 "jitaku-to-jimusho" #9: STATE_QUICK_I1: internal error
    010 "jitaku-to-jimusho" #9: STATE_QUICK_I1: retransmission; will wait 40s for response
    031 "jitaku-to-jimusho" #9: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
    000 "jitaku-to-jimusho" #9: starting keying attempt 2 of at most 10, but releasing whack

and when I specify %defaultroute as the value of nexthop, I get this error:

    ipsec__plutorun: ipsec_auto: fatal error in "jitaku-to-jimusho": %defaultroute requested but not known

so on each side I specified the P-t-P address for nexthop as shown above (after which the errors went away).

    [root@xxxxxxxxxxxxxxx]# ifconfig ppp0
    ppp0      Link encap:Point-to-Point Protocol
              inet addr:hhh.hhh.hhh.hhh  P-t-P:xxx.xxx.xxx.xxx  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
              RX packets:410856 errors:0 dropped:0 overruns:0 frame:0
              TX packets:650284 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:42406115 (40.4 Mb)  TX bytes:828512667 (790.1 Mb)

    [root@xxxxxxxxxxxxxxxx]# ifconfig ppp0
    ppp0      Link encap:Point-to-Point Protocol
              inet addr:ooo.ooo.ooo.ooo  P-t-P:yyy.yyy.yyy.yyy  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
              RX packets:2044582 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1209295 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:2814343338 (2683.9 Mb)  TX bytes:102757569 (97.9 Mb)

Now, on the office side, when I run

    [root@xxxxxxxxxxxxxxxx]# service ipsec start
    ipsec_setup: Starting FreeS/WAN IPsec 2.01...
    ipsec_setup: Using /lib/modules/2.4.20-8/kernel/net/ipsec/ipsec.o

I get

    [root@xxxxxxxxxxxxxxxx]# ifconfig ipsec0
    ipsec0    Link encap:Point-to-Point Protocol
              inet addr:ooo.ooo.ooo.ooo  Mask:255.255.255.255
              UP RUNNING NOARP  MTU:16260  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:10
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

    [root@xxxxxxxxxxxxxxxx]# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    nagasaki-a01.fl *               255.255.255.255 UH    0      0        0 ppp0
    nagasaki-a01.fl *               255.255.255.255 UH    0      0        0 ipsec0
    192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
    192.168.0.0     nagasaki-a01.fl 255.255.255.0   UG    0      0        0 ipsec0
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         nagasaki-a01.fl 0.0.0.0         UG    0      0        0 ppp0

    [root@xxxxxxxxxxxxxxxx]# tail -f /var/log/secure
    Nov 11 15:32:00 jimusho ipsec__plutorun: Starting Pluto subsystem...
    Nov 11 15:32:00 jimusho pluto[15866]: Starting Pluto (FreeS/WAN Version 2.01 PLUTO_USES_KEYRR)
    Nov 11 15:32:01 jimusho pluto[15866]: added connection description "jitaku-to-jimusho"
    Nov 11 15:32:01 jimusho pluto[15866]: listening for IKE messages
    Nov 11 15:32:02 jimusho pluto[15866]: adding interface ipsec0/ppp0 ooo.ooo.ooo.ooo
    Nov 11 15:32:02 jimusho pluto[15866]: loading secrets from "/etc/ipsec.secrets"
    Nov 11 15:32:11 jimusho pluto[15866]: "jitaku-to-jimusho" #1: responding to Main Mode
    Nov 11 15:32:12 jimusho pluto[15866]: "jitaku-to-jimusho" #1: sent MR3, ISAKMP SA established
    Nov 11 15:32:12 jimusho pluto[15866]: "jitaku-to-jimusho" #2: responding to Quick Mode
    Nov 11 15:32:12 jimusho pluto[15866]: "jitaku-to-jimusho" #2: IPsec SA established

Then, on the home side:

    [root@xxxxxxxxxxxxxxx]# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    nagasaki.ntt-po *               255.255.255.255 UH    0      0        0 ppp0
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
    192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth2
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         nagasaki.ntt-po 0.0.0.0         UG    0      0        0 ppp0

When I run

    [root@xxxxxxxxxxxxxxx]# service ipsec start
    ipsec_setup: Starting FreeS/WAN IPsec 2.01...
    ipsec_setup: Using /lib/modules/2.4.20-8/kernel/net/ipsec/ipsec.o

I get

    [root@xxxxxxxxxxxxxxx]# ifconfig ipsec0
    ipsec0    Link encap:Point-to-Point Protocol
              inet addr:hhh.hhh.hhh.hhh  Mask:255.255.255.255
              UP RUNNING NOARP  MTU:16260  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:10
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

    [root@xxxxxxxxxxxxxxx]# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    nagasaki.ntt-po *               255.255.255.255 UH    0      0        0 ppp0
    nagasaki.ntt-po *               255.255.255.255 UH    0      0        0 ipsec0
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
    192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth2
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         nagasaki.ntt-po 0.0.0.0         UG    0      0        0 ppp0

    [root@xxxxxxxxxxxxxxx]# tail -f /var/log/secure
    Nov 11 15:35:24 jitaku ipsec__plutorun: Starting Pluto subsystem...
    Nov 11 15:35:26 jitaku pluto[23468]: Starting Pluto (FreeS/WAN Version 2.01 PLUTO_USES_KEYRR)
    Nov 11 15:35:27 jitaku pluto[23468]: added connection description "jitaku-to-jimusho"
    Nov 11 15:35:27 jitaku pluto[23468]: listening for IKE messages
    Nov 11 15:35:27 jitaku pluto[23468]: adding interface ipsec0/ppp0 hhh.hhh.hhh.hhh
    Nov 11 15:35:27 jitaku pluto[23468]: loading secrets from "/etc/ipsec.secrets"

And then, finally, when I run

    [root@xxxxxxxxxxxxxxx]# ipsec auto --up jitaku-to-jimusho
    104 "jitaku-to-jimusho" #1: STATE_MAIN_I1: initiate
    106 "jitaku-to-jimusho" #1: STATE_MAIN_I2: sent MI2, expecting MR2
    108 "jitaku-to-jimusho" #1: STATE_MAIN_I3: sent MI3, expecting MR3
    004 "jitaku-to-jimusho" #1: STATE_MAIN_I4: ISAKMP SA established
    112 "jitaku-to-jimusho" #2: STATE_QUICK_I1: initiate
    004 "jitaku-to-jimusho" #2: STATE_QUICK_I2: sent QI2, IPsec SA established

I get

    [root@xxxxxxxxxxxxxxx]# tail -f /var/log/secure
    Nov 11 15:37:38 jitaku pluto[23468]: "jitaku-to-jimusho" #1: initiating Main Mode
    Nov 11 15:37:39 jitaku pluto[23468]: "jitaku-to-jimusho" #1: ISAKMP SA established
    Nov 11 15:37:39 jitaku pluto[23468]: "jitaku-to-jimusho" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP
    Nov 11 15:37:40 jitaku pluto[23468]: "jitaku-to-jimusho" #2: sent QI2, IPsec SA established

    [root@xxxxxxxxxxxxxxx]# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    nagasaki.ntt-po *               255.255.255.255 UH    0      0        0 ppp0
    nagasaki.ntt-po *               255.255.255.255 UH    0      0        0 ipsec0
    192.168.2.0     nagasaki.ntt-po 255.255.255.0   UG    0      0        0 ipsec0
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
    192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth2
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         nagasaki.ntt-po 0.0.0.0         UG    0      0        0 ppp0

    [root@xxxxxxxxxxxxxxx]# ipsec look
    jitaku.ddyn.net Tue Nov 11 15:40:20 JST 2003
    192.168.0.0/24 -> 192.168.2.0/24 => tun0x1002@xxxxxxxxxxxxxxx esp0xf16bd699@xxxxxxxxxxxxxxx (0)
    ipsec0->ppp0 mtu=16260(1454)->1454
    esp0xb6657717@xxxxxxxxxxxxxxx ESP_3DES_HMAC_MD5: dir=in  src=ooo.ooo.ooo.ooo iv_bits=64bits iv=0x2eb05410eea96122 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(160,0,0) refcount=4 ref=7
    esp0xf16bd699@xxxxxxxxxxxxxxx ESP_3DES_HMAC_MD5: dir=out src=hhh.hhh.hhh.hhh iv_bits=64bits iv=0x626ea0fc11a8a7d2 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(160,0,0) refcount=4 ref=12
    tun0x1001@xxxxxxxxxxxxxxx IPIP: dir=in  src=ooo.ooo.ooo.ooo policy=192.168.2.0/24->192.168.0.0/24 flags=0x8<> life(c,s,h)=addtime(160,0,0) refcount=4 ref=8
    tun0x1002@xxxxxxxxxxxxxxx IPIP: dir=out src=hhh.hhh.hhh.hhh life(c,s,h)=addtime(160,0,0) refcount=4 ref=13
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         xxx.xxx.xxx.xxx 0.0.0.0         UG        0 0          0 ppp0
    192.168.2.0     xxx.xxx.xxx.xxx 255.255.255.0   UG        0 0          0 ipsec0
    xxx.xxx.xxx.xxx 0.0.0.0         255.255.255.255 UH        0 0          0 ipsec0
    xxx.xxx.xxx.xxx 0.0.0.0         255.255.255.255 UH        0 0          0 ppp0

    [root@xxxxxxxxxxxxxxx]# ipsec auto --status
    000 interface ipsec0/ppp0 hhh.hhh.hhh.hhh
    000
    000 debug none
    000
    000 "jitaku-to-jimusho": 192.168.0.0/24===hhh.hhh.hhh.hhh[@jitaku.ddyn.net]---xxx.xxx.xxx.xxx...yyy.yyy.yyy.yyy---ooo.ooo.ooo.ooo[@jimusho.ddyn.net]===192.168.2.0/24
    000 "jitaku-to-jimusho":   ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 10
    000 "jitaku-to-jimusho":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; interface: ppp0; erouted
    000 "jitaku-to-jimusho":   newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
    000
    000 #2: "jitaku-to-jimusho" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2417s; newest IPSEC; eroute owner
    000 #2: "jitaku-to-jimusho" esp.f16bd699@xxxxxxxxxxxxxxx esp.b6657717@xxxxxxxxxxxxxxx tun.1002@xxxxxxxxxxxxxxx tun.1001@xxxxxxxxxxxxxxx
    000 #1: "jitaku-to-jimusho" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2538s; newest ISAKMP
    000

and on the office side:

    [root@xxxxxxxxxxxxxxxx]# tail -f /var/log/secure
    Nov 11 15:33:52 jimusho pluto[15866]: "jitaku-to-jimusho" #1: received Delete SA payload: deleting IPSEC State #2
    Nov 11 15:33:52 jimusho pluto[15866]: "jitaku-to-jimusho" #1: received and ignored informational message
    Nov 11 15:33:52 jimusho pluto[15866]: "jitaku-to-jimusho" #1: received Delete SA payload: deleting ISAKMP State #1
    Nov 11 15:33:52 jimusho pluto[15866]: packet from hhh.hhh.hhh.hhh:500: received and ignored informational message
    Nov 11 15:37:39 jimusho pluto[15866]: "jitaku-to-jimusho" #3: responding to Main Mode
    Nov 11 15:37:40 jimusho pluto[15866]: "jitaku-to-jimusho" #3: sent MR3, ISAKMP SA established
    Nov 11 15:37:40 jimusho pluto[15866]: "jitaku-to-jimusho" #4: responding to Quick Mode
    Nov 11 15:37:41 jimusho pluto[15866]: "jitaku-to-jimusho" #4: IPsec SA established

    [root@xxxxxxxxxxxxxxxx]# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    nagasaki-a01.fl *               255.255.255.255 UH    0      0        0 ppp0
    nagasaki-a01.fl *               255.255.255.255 UH    0      0        0 ipsec0
    192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
    192.168.0.0     nagasaki-a01.fl 255.255.255.0   UG    0      0        0 ipsec0
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         nagasaki-a01.fl 0.0.0.0         UG    0      0        0 ppp0

    [root@xxxxxxxxxxxxxxxx]# ipsec look
    jimusho.ddyn.net Tue Nov 11 16:49:57 JST 2003
    192.168.2.0/24 -> 192.168.0.0/24 => tun0x1006@xxxxxxxxxxxxxxx esp0xb6657718@xxxxxxxxxxxxxxx (0)
    ipsec0->ppp0 mtu=16260(1454)->1454
    esp0xb6657718@xxxxxxxxxxxxxxx ESP_3DES_HMAC_MD5: dir=out src=ooo.ooo.ooo.ooo iv_bits=64bits iv=0x9c0c98407e273b66 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(1731,0,0) refcount=4 ref=35
    esp0xf16bd69a@xxxxxxxxxxxxxxx ESP_3DES_HMAC_MD5: dir=in  src=hhh.hhh.hhh.hhh iv_bits=64bits iv=0x16abe916dc0a8cd5 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(1732,0,0) refcount=4 ref=30
    tun0x1005@xxxxxxxxxxxxxxx IPIP: dir=in  src=hhh.hhh.hhh.hhh policy=192.168.0.0/24->192.168.2.0/24 flags=0x8<> life(c,s,h)=addtime(1732,0,0) refcount=4 ref=31
    tun0x1006@xxxxxxxxxxxxxxx IPIP: dir=out src=ooo.ooo.ooo.ooo life(c,s,h)=addtime(1731,0,0) refcount=4 ref=36
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         yyy.yyy.yyy.yyy 0.0.0.0         UG        0 0          0 ppp0
    192.168.0.0     yyy.yyy.yyy.yyy 255.255.255.0   UG        0 0          0 ipsec0
    yyy.yyy.yyy.yyy 0.0.0.0         255.255.255.255 UH        0 0          0 ipsec0
    yyy.yyy.yyy.yyy 0.0.0.0         255.255.255.255 UH        0 0          0 ppp0

    [root@xxxxxxxxxxxxxxxx]# ipsec auto --status
    000 interface ipsec0/ppp0 ooo.ooo.ooo.ooo
    000
    000 debug none
    000
    000 "jitaku-to-jimusho": 192.168.2.0/24===ooo.ooo.ooo.ooo[@jimusho.ddyn.net]---yyy.yyy.yyy.yyy...xxx.xxx.xxx.xxx---hhh.hhh.hhh.hhh[@jitaku.ddyn.net]===192.168.0.0/24
    000 "jitaku-to-jimusho":   ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
    000 "jitaku-to-jimusho":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: ppp0; erouted
    000 "jitaku-to-jimusho":   newest ISAKMP SA: #6; newest IPsec SA: #5; eroute owner: #5
    000
    000 #5: "jitaku-to-jimusho" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1573s; newest IPSEC; eroute owner
    000 #5: "jitaku-to-jimusho" esp.b6657718@xxxxxxxxxxxxxxx esp.f16bd69a@xxxxxxxxxxxxxxx tun.1006@xxxxxxxxxxxxxxx tun.1005@xxxxxxxxxxxxxxx
    000 #6: "jitaku-to-jimusho" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1685s; newest ISAKMP
    000

That is what I got.

Also, iptables on both sides is set up as follows. Note that no firewall is installed on either Win2k machine.

    # cat /etc/myScript/ipsec.sh
    /sbin/iptables -A INPUT  -i ppp0 -p tcp -m state --state NEW,ESTABLISHED --dport 50 -j ACCEPT
    /sbin/iptables -A OUTPUT -o ppp0 -p tcp -m state --state ESTABLISHED --sport 50 -j ACCEPT
    /sbin/iptables -A OUTPUT -o ppp0 -p tcp -m state --state NEW,ESTABLISHED --dport 50 -j ACCEPT
    /sbin/iptables -A INPUT  -i ppp0 -p tcp -m state --state ESTABLISHED --sport 50 -j ACCEPT
    /sbin/iptables -A INPUT  -i ppp0 -p udp --dport 500 -j ACCEPT
    /sbin/iptables -A OUTPUT -o ppp0 -p udp --sport 500 -j ACCEPT
    /sbin/iptables -A OUTPUT -o ppp0 -p udp --dport 500 -j ACCEPT
    /sbin/iptables -A INPUT  -i ppp0 -p udp --sport 500 -j ACCEPT
    /sbin/iptables -A INPUT  -i ppp0 -p udp --dport 51 -j ACCEPT
    /sbin/iptables -A OUTPUT -o ppp0 -p udp --sport 51 -j ACCEPT
    /sbin/iptables -A OUTPUT -o ppp0 -p udp --dport 51 -j ACCEPT
    /sbin/iptables -A INPUT  -i ppp0 -p udp --sport 51 -j ACCEPT

But even in this state, when I run

    [user01@xxxxxxxxxxxx]$ ping 192.168.2.102
    [user01@xxxxxxxxxxxxx]$ ping 192.168.0.89

both time out and the pings do not get through.

    [root@xxxxxxxxxxxxxxxx]# tcpdump -i ppp0 port isakmp
    [root@xxxxxxxxxxxxxxx]# tcpdump -i ppp0 port isakmp

show no output either.

How can I get ping to go through?
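An added example for comparison, not the poster's /etc/myScript/ipsec.sh: on a FreeS/WAN (KLIPS) gateway, ESP and AH are IP protocols 50 and 51 rather than TCP/UDP ports, IKE travels over UDP/500, and the decrypted packets surface on ipsec0 and need FORWARD rules to reach the LAN. The interface name ppp0 comes from the post; the rule set and the audit helper that counts "port 50/51" rules are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the poster's script): iptables rules for a FreeS/WAN
# gateway. IKE uses UDP/500; ESP (50) and AH (51) are IP protocols with no
# port numbers, so they are matched with "-p esp" / "-p ah".
# Set IPT=echo to preview the rules instead of applying them.
IPT="${IPT:-/sbin/iptables}"
WAN="${WAN:-ppp0}"      # external interface, as in the post
VPN="${VPN:-ipsec0}"    # KLIPS virtual interface carrying decrypted traffic

ipsec_gateway_rules() {
    # IKE (ISAKMP) between the two gateways, both directions
    $IPT -A INPUT  -i "$WAN" -p udp --sport 500 --dport 500 -j ACCEPT
    $IPT -A OUTPUT -o "$WAN" -p udp --sport 500 --dport 500 -j ACCEPT
    # ESP and AH as IP protocols, not as TCP/UDP ports 50/51
    for proto in esp ah; do
        $IPT -A INPUT  -i "$WAN" -p "$proto" -j ACCEPT
        $IPT -A OUTPUT -o "$WAN" -p "$proto" -j ACCEPT
    done
    # Decrypted packets appear on ipsec0 and must be forwarded to/from the LAN
    $IPT -A FORWARD -i "$VPN" -j ACCEPT
    $IPT -A FORWARD -o "$VPN" -j ACCEPT
}

# Print the rules ipsec_gateway_rules would apply, without touching the kernel.
preview_rules() {
    ( IPT=echo; ipsec_gateway_rules )
}

# Audit helper: reads iptables command lines on stdin and counts rules that
# match ESP/AH as TCP/UDP port 50 or 51 instead of as an IP protocol (0 = clean).
count_port_50_51() {
    grep -cE -- '-p (tcp|udp) .*--[sd]port 5[01]( |$)' || true
}

# Number of ESP/AH protocol rules among the generated rules (expected: 4).
count_esp_ah_rules() {
    preview_rules | grep -cE -- '-p (esp|ah) -j' || true
}

if [ "${1:-}" = "--apply" ]; then
    ipsec_gateway_rules
fi
```

Run with `--apply` to install the rules; pipe any existing rule script into `count_port_50_51` to spot rules that treat ESP/AH as ports.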