On Sat, November 19, 2005 3:35 pm, Gregory Abbott wrote:
> Peter Allgeyer wrote:
>> On Saturday, 19.11.2005, at 11:36 -0500, Gregory Abbott wrote:
>>
>>> Anyway, I noticed in my m0n0wall logs that when I try to connect I see the
>>> WAN interface blocking UDP from the concentrator IP address to the NAT IP
>>> of my machine the client is running on.
>>
>> Can you be a little more specific on this point? Cisco IPSec normally
>> uses port 4500/udp for tunneling NAT devices. There shouldn't be any
>> problems with m0n0wall and/or NAT on this point.
>>
>> BR,
>> PIT
>>
>
> Well, that's what's odd. I've been using VPN from behind my m0n0wall for
> about 6 months with no problem. The issue just started yesterday. Since
> the fact that another coworker started to have the same problem behind
> their router which is not m0n0wall, the problem sounds like it isn't
> anything on the client end but on the VPN server but at work they aren't
> finding a problem.
>
> Here is what I see being blocked in my logs after trying to connect with
> the client (I blocked out the whole IP of the VPN server):
>
> 15:24:27.989306 WAN 66.133.x.x 10.5.27.21 UDP
> 15:24:22.987884 WAN 66.133.x.x 10.5.27.21 UDP
> 15:24:21.015540 WAN 66.133.x.x 10.5.27.21 UDP
> 15:24:13.016823 WAN 66.133.x.x 10.5.27.21 UDP
>
> I added a rule in my firewall on the WAN to allow all UDP traffic from
> source 66.133.x.x. Here is what my rule looks like:
>
> Proto  Source      Port  Destination  Port
> UDP    66.133.x.x  *     *            *
>

I should also mention the error the client is giving is: Secure VPN Connection terminated locally by the Client. Reason 403: Unable to contact the security gateway.

> I would think that even if this rule doesn't fix the issue at the very
> least m0n0wall wouldn't be blocking the incoming UDP.
>
> -Greg
>