 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Gregory Abbott <blondguyg at seezar dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VPN client trouble behind m0n0wall
 Date:  Fri, 25 Nov 2005 11:02:18 +0100
Hi Gregory!

On Thursday, 24.11.2005, at 19:32 -0500, Gregory Abbott wrote:
> Here is a raw log from the m0n0wall, looks like it's only showing denied
> packets, I must be missing the setting to log all accepted packets?):
Try setting up a rule like this one at the top of your ruleset:

Interface SRC IP      DST IP          Protocol  SRC Port  DST Port
LAN       10.5.27.23  66.133.170.14   any       any       any

Set "Allow fragmented packets" and "Log packets that are handled by this
rule" to true and give us a new output of the raw filter log (including
the initial SYN packet).

It seems that the people on the concentrator side are blocking ICMP
message type 3 (Unreachable) code 4 (Fragmentation--DF--Set). Really a
bad idea when it comes to VPNs.

BR,
  PIT


---------------------------------------------------------------------------
 copyleft(c) by |           Linux! Guerrilla UNIX Development Venimus,
 Peter Allgeyer |   _-_     Vidimus, Dolavimus.  -- Mark A. Horton KA4YBR,
                | 0(o_o)0   mah at ka4ybr dot com
---------------oOO--(_)--OOo-----------------------------------------------