Hi!

On Wed, 31 Mar 2004, Arto Selonen wrote:

> Continuing with this evolving trend of following up my own posts,

Why stop now...

>   H <->plain<->(ex0)A(ep0) <->IPSEC<-> (fxp0)GW(fxp1) <->plain<-> (fxp0)B

Finally managed to make some tests removing components from the play.
Disabling IPSEC did not remove the problem. Only removing the NAT
mapping from fxp1 (where the 10/8 and 192.168/16 addresses used for
the ex0@A and IPSEC transport were mapped to fxp1@GW address) caused
the problem disappeared. So, this is yet another ipfilter 4.1 issue.
Of course, it may be due to interaction with the rest of the setup here...


Artsi
-- 
#######======------  http://www.selonen.org/arto/  --------========########
Everstinkuja 5 B 35                               Don't mind doing it.
FIN-02600 Espoo        arto@selonen.org         Don't mind not doing it.
Finland              tel +358 50 560 4826     Don't know anything about it.