Are you pinging the m0n0wall's themselves or hosts behind them?
Check that you have the 'allow fragmented packets' box ticked on every rule
that would allow traffic out via the VPN.
If you go to http://m0n0wall-ip/status.php you can see the generation
ruleset. You should be able to see the 'keep frags' keyword on the generated
----- Original Message -----
From: "Jeff Buehler" <jeff at buehlertech dot com>
To: "Kristian Shaw" <monowall at wealdclose dot co dot uk>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, February 10, 2006 2:31 AM
Subject: Re: [m0n0wall] outlook -> exchange problem
> Hi Kris -
> OK, two of the three ipsec VPNs can now successfully "ping dest-vpn -l
> 2048" to any of the other two m0n0wall devices. The last m0n0wall device
> is pingable this way, but it cannot ping the other two successfully. So
> the new .img was mostly successful - I must be missing something obvious,
> but I'm not certain what it might be...
> Kristian Shaw wrote:
>> I updated one of my remote m0n0walls with the 'keep-frags' image today
>> using the built-in GUI updater and it went OK. You will get a warning
>> saying the image isn't signed but it will still install.
>> The 'keep-frags' version doesn't make any changes to your config so there
>> should be no issue with downgrading or future upgrades. It would still
>> make a backup just in case though (as with any change of firmware).
>> ----- Original Message ----- From: "Jeff Buehler" <jeff at buehlertech dot com>
>> To: "Kristian Shaw" <monowall at wealdclose dot co dot uk>
>> Cc: <m0n0wall at lists dot m0n0 dot ch>
>> Sent: Thursday, February 09, 2006 6:30 PM
>> Subject: Re: [m0n0wall] outlook -> exchange problem