 From:  John <strgout at unixjunkie dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec nightmare !!!
 Date:  Thu, 13 Jan 2005 16:02:17 -0600
On Thu, Jan 13, 2005 at 12:49:36PM +0100, Miodrag Kovacev wrote:
> Hello all,
> I've established IPSec tunnel between remote, and central office.
> Simple question: Ping from central office to remote office works in
> both directions, but no other data flows. I've tried ping with bigger
> packets (600 - 1200 byte) not working. When I use dummy Windows
> machine to connect to remote office ISP everything works great. Please
> help me! Routing is OK, which is not a problem! Is it a problem with
> MTU value or....
> 
> 
> USE NOTEPAD for diagram viewing
> 
> 192.168.2.0/24
> +--------+
> | remote |
> | office |
> +--------+
> WAN PPPoE
> 
>   _______
>  (	  )
> ( INTERNET )
>  (________)
> 
> 
> WAN	WAN
> ISP1	ISP2
> static	STATIC
> +----------+
> | iptables |
> | firewall |---------+
> +----------+	     |
>     |		     |
>     |		     |
>    LAN		MONO_LAN
> 192.168.0.1/24	10.100.0.1/24
> |||||||||	     |
> 	|	     |	
> 	|	10.100.0.2/24
> 	|	    WAN
> 	|	+----------+
> 	|	| monowall |
> 	|	+----------+
> 	|	    LAN 192.168.0.60	
> 	|	     |
> 	+------------+

If you think it could be an MTU problem make sure you are not blocking ICMP
unreachables. Have you tried any low bw TCP services? telnet, ftp (login ONLY,
dir listing), maybe even telnet to an SMTP server on port 25.
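
Added example, not part of the original message: a small calculator for the largest inner packet that fits through an ESP tunnel over the PPPoE link in the diagram, which is the size above which traffic depends on ICMP "fragmentation needed" unreachables getting through. The 1492-byte PPPoE MTU is the standard value; the cipher and hash profiles are assumptions, since the thread does not state the tunnel's proposal.

```python
from dataclasses import dataclass

IP_HDR = 20       # IPv4 header, no options
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length byte + next-header byte
ICMP_HDR = 8
TCP_HDR = 20
PPPOE_MTU = 1492  # 1500-byte Ethernet minus 8 bytes of PPPoE/PPP header


@dataclass(frozen=True)
class EspProfile:
    block: int           # cipher block size in bytes
    iv: int              # per-packet IV length
    icv: int             # truncated integrity check value length
    nat_t: bool = False  # UDP encapsulation adds 8 bytes

    @property
    def fixed(self) -> int:
        """Bytes added to every packet regardless of its length."""
        return IP_HDR + ESP_HDR + self.iv + self.icv + (8 if self.nat_t else 0)


# Assumed proposals (not taken from the thread).
TRIPLE_DES_SHA1 = EspProfile(block=8, iv=8, icv=12)
AES_CBC_SHA1 = EspProfile(block=16, iv=16, icv=12)


def outer_size(inner_len: int, p: EspProfile) -> int:
    """Size on the wire of one tunnel-mode ESP packet carrying inner_len bytes."""
    padded = -(-(inner_len + ESP_TRAILER) // p.block) * p.block  # round up
    return p.fixed + padded


def max_inner(link_mtu: int, p: EspProfile) -> int:
    """Largest inner IP packet whose ESP packet still fits in link_mtu."""
    return (link_mtu - p.fixed) // p.block * p.block - ESP_TRAILER


def probe_sizes(link_mtu: int, p: EspProfile) -> dict:
    """Sizes to test with: DF ping payload and TCP MSS at the tunnel limit."""
    inner = max_inner(link_mtu, p)
    return {"inner_mtu": inner,
            "ping_payload": inner - IP_HDR - ICMP_HDR,
            "tcp_mss": inner - IP_HDR - TCP_HDR}


if __name__ == "__main__":
    for name, prof in (("3DES/SHA1", TRIPLE_DES_SHA1), ("AES-CBC/SHA1", AES_CBC_SHA1)):
        print(name, probe_sizes(PPPOE_MTU, prof))
```

A don't-fragment ping with a payload one byte larger than `ping_payload` should come back with an ICMP unreachable from the tunnel endpoint; if it is silently dropped instead, the unreachables are being filtered somewhere on the path.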