Peter Allgeyer wrote:
> On Saturday, 19.11.2005, at 11:36 -0500, Gregory Abbott wrote:
>
>> Anyway, I noticed in my m0n0wall logs that when I try to connect I see the
>> WAN interface blocking UDP from the concentrator IP address to the nat IP
>> of my machine the client is running on.
>
> Can you be a little more specific on this point? Cisco IPSec normally
> uses port 4500/udp for tunneling NAT devices. There shouldn't be any
> problems with m0n0wall and/or NAT on this point.
>
> BR,
> PIT
>

Well, that's what's odd. I've been using VPN from behind my m0n0wall for about 6 months with no problem. The issue just started yesterday. Since another coworker started to have the same problem behind their router, which is not m0n0wall, the problem sounds like it isn't anything on the client end but on the VPN server, but at work they aren't finding a problem.

Here is what I see being blocked in my logs after trying to connect with the client (I blocked out the whole IP of the VPN server):

    15:24:27.989306  WAN  66.133.x.x  10.5.27.21  UDP
    15:24:22.987884  WAN  66.133.x.x  10.5.27.21  UDP
    15:24:21.015540  WAN  66.133.x.x  10.5.27.21  UDP
    15:24:13.016823  WAN  66.133.x.x  10.5.27.21  UDP

I added a rule in my firewall on the WAN to allow all UDP traffic from source 66.133.x.x. Here is what my rule looks like:

    Proto  Source         Port  Destination  Port
    UDP    66.133.170.14  *     *            *

I would think that even if this rule doesn't fix the issue, at the very least m0n0wall wouldn't be blocking the incoming UDP.

-Greg