 From:  "Jason J. Ellingson" <jason at ellingson dot com>
 To:  "'RP Smith'" <rpsmith at hotmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0wall to m0n0wall IPSec Issues
 Date:  Tue, 16 Nov 2004 06:04:07 -0600
Correct, you don't need it.  I've just noticed that it helps my tunnels be
more stable when trying to use terminal services to my servers.  Without
allowing ESP fragments, it'd "hiccup" pretty often (packets not making it
and having to be resent).  After allowing the ESP fragments it's always
smooth.

Perhaps it has something to do with my specific versions of m0n0?  Dunno...
------------------------------------------------------------
Jason J Ellingson
Technical Consultant

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
jason at ellingson dot com

-----Original Message-----
From: RP Smith [mailto:rpsmith at hotmail dot com] 
Sent: Monday, November 15, 2004 8:08 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] m0n0wall to m0n0wall IPSec Issues

>From: "Jason J. Ellingson" <jason at ellingson dot com>
>To: "'Chris Breish'" <cbreish at pchelpservice dot com>
>CC: <m0n0wall at lists dot m0n0 dot ch>
>Subject: RE: [m0n0wall] m0n0wall to m0n0wall IPSec Issues
>Date: Mon, 15 Nov 2004 17:48:13 -0600
>
>
>Also, don't forget to set a rule to allow ESP (also check the
>"allow fragments" for that ESP rule) to your m0n0 IP.
>------------------------------------------------------------

I have several IPSEC connections working fine without the above rule.  Also,
I haven't had any luck with "Main" but "Aggressive" works just fine.

Roy...


