 From:  "Paul Dugas" <paul at dugas dot cc>
 To:  "m0n0wall Mailing List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSEC pass-thru
 Date:  Thu, 2 Jun 2005 14:02:37 -0400 (EDT)
I have a Nortel 1010 VPN box set up with only one physical interface.  It's
connected to my internal network and gets out via my
Soekris-4801/m0n0-1.2b8 box.  It is successfully building the required
tunnels but I'm having a few issues.

First, I'm having an MTU issue with the combination of the PPPoE WAN
interface and the IPSEC tunnels.  I don't understand enough about this to
know where the problem is.  Blindly fiddling with MTU settings on m0n0 and
the 1010 hasn't yielded a solid connection.  Anybody got a suggestion as
to how it should be?

Second, I'm occasionally seeing entries in the firewall logs indicating
dropped ESP and UDP:500 packets from the company VPN server to the
internal address of the 1010 box.  Do these indicate some kind of NAT
timeout issue or something?  Are these expected?


Paul Dugas, Computer Engineer           Dugas Enterprises, LLC
paul at dugas dot cc     phone: 404-932-1355   522 Black Canyon Park
http://dugas.cc     fax: 866-751-6494   Canton, GA 30114 USA