 From:  "Paul Dugas" <paul at dugas dot cc>
 To:  "m0n0wall Mailing List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSEC pass-thru
 Date:  Thu, 2 Jun 2005 14:02:37 -0400 (EDT)
I have a Nortel 1010 VPN box set up with only one physical interface.  It's
connected to my internal network and gets out via my
Soekris-4801/m0n0-1.2b8 box.  It is successfully building the required
tunnels but I'm having a few issues.

First, I'm having an MTU issue with the combination of the PPPoE WAN
interface and the IPSEC tunnels.  I don't understand enough about this to
know where the problem is.  Blindly fiddling with MTU settings on m0n0 and
the 1010 hasn't yielded a solid connection.  Anybody got a suggestion as
to how it should be?

Second, I'm occasionally seeing entries in the firewall logs indicating
dropped ESP and UDP:500 packets from the company VPN server to the
internal address of the 1010 box.  Do these indicate some kind of NAT
timeout issue or something?  Are these expected?

Paul

-- 
Paul Dugas, Computer Engineer           Dugas Enterprises, LLC
paul at dugas dot cc     phone: 404-932-1355   522 Black Canyon Park
http://dugas.cc     fax: 866-751-6494   Canton, GA 30114 USA