Peter Allgeyer wrote:
> On Saturday, 19.11.2005, 11:36 -0500, Gregory Abbott wrote:
>>Anyway, I noticed in my m0n0wall logs that when I try to connect I see the
>>WAN interface blocking UDP from the concentrator IP address to the nat IP
>>of my machine the client is running on.
> Can you be a little more specific on this point? Cisco IPSec normally
> uses port 4500/udp for tunneling NAT devices. There shouldn't be any
> problems with m0n0wall and/or NAT on this point.
Well, that's what's odd. I've been using VPN from behind my m0n0wall for
about 6 months with no problem. The issue just started yesterday. Since
another coworker started to have the same problem behind
their router, which is not m0n0wall, the problem sounds like it isn't
anything on the client end but on the VPN server, but at work they aren't
finding a problem.
Here is what I see being blocked in my logs after trying to connect with
the client (I blocked out the whole IP of the VPN server):
15:24:27.989306 WAN 66.133.x.x 10.5.27.21 UDP
15:24:22.987884 WAN 66.133.x.x 10.5.27.21 UDP
15:24:21.015540 WAN 66.133.x.x 10.5.27.21 UDP
15:24:13.016823 WAN 66.133.x.x 10.5.27.21 UDP
I added a rule in my firewall on the WAN to allow all UDP traffic from
source 66.133.x.x. Here is what my rule looks like:
Proto  Source          Port  Destination  Port
UDP    220.127.116.11  *     *            *
I would think that even if this rule doesn't fix the issue, at the very
least m0n0wall wouldn't be blocking the incoming UDP.