 From:  Mark Huizer <xaa at dohd dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Problems with IPSEC and NAT over m0n0wall fw
 Date:  Mon, 6 Mar 2006 16:06:35 +0100

I checked Google and the m0n0wall mailing list for something resembling
my problems, but I couldn't find anything that was close enough.

We have a VPN gateway at a public IP address (Linux, Openswan,
certificates) using IPSEC/L2TP VPNs for Windows XP roadwarriors.

So far so good, works like a charm.

Now one roadwarrior has a m0n0wall firewall at home, and he cannot get
the VPN working.

The setup is basically:

VPNGW  ---- internet ---- m0n0wall ----- Windows XP

the m0n0wall is doing NAT, no firewalling, just a basic 'insert CD,
configure LAN/WAN interfaces and DHCP and connect the Windows box'
install. The version is 1.21.

I installed a minimal FreeBSD system (FreeBSD 6.0) with ipfw/natd to
make sure that his Windows configuration wasn't the issue, and as was to
be expected: that worked like a charm.

It seems that somehow the NAT or some other IP related issue at the
m0n0wall box is causing this vpn connection not to work.

The VPN gateway sees traffic coming in, some traffic is exchanged but as
soon as the NAT-T related stuff should kick in, the problems start.
With tcpdump on the vpngw I see traffic coming in at udp 4500 as
expected from the windows box, but no replies. The logfiles at the vpngw
talk about malformed payloads.

Is this a known problem? Can anyone provide me with some pointers on how
to solve this issue, or explain why this is a limitation somehow?



  Faith is believing what you know ain't right
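The NAT-T framing the poster is watching on UDP 4500, as an added example that is not part of the original post: a small Python classifier for the three payload kinds carried on that port (1-byte keepalive, IKE behind the 4-byte non-ESP marker, UDP-encapsulated ESP), run over constructed sample packets. It flags truncated or length-inconsistent packets, which is the kind of thing a gateway logs as a malformed payload when a NAT device rewrites or truncates the datagram.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # 4 zero bytes in front of IKE on UDP/4500
NAT_KEEPALIVE = b"\xff"               # 1-byte keepalive that refreshes the NAT mapping
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # I-SPI, R-SPI, next, ver, exch, flags, msgid, len


def classify_natt_payload(payload: bytes) -> dict:
    """Describe one UDP/4500 payload; raise ValueError if it cannot be parsed.

    Unparseable packets are what a gateway reports as malformed payloads, so a
    rewritten or truncated packet coming through the NAT box shows up here.
    """
    if payload == NAT_KEEPALIVE:
        return {"kind": "nat-keepalive"}
    if payload.startswith(NON_ESP_MARKER):
        # ESP can never start with SPI 0 (reserved), so 4 zero bytes mean IKE.
        ike = payload[len(NON_ESP_MARKER):]
        if len(ike) < ISAKMP_HDR.size:
            raise ValueError("truncated ISAKMP header after non-ESP marker")
        i_spi, _r_spi, _nxt, ver, exch, _flags, _msg_id, length = ISAKMP_HDR.unpack(ike[:ISAKMP_HDR.size])
        if length != len(ike):
            raise ValueError(f"ISAKMP length field says {length} but {len(ike)} bytes present")
        return {"kind": "ike", "version": f"{ver >> 4}.{ver & 0xF}",
                "exchange_type": exch, "initiator_spi": i_spi.hex()}
    if len(payload) < 8:
        raise ValueError("ESP needs at least SPI and sequence number")
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq}


# Constructed sample payloads (not taken from a real capture).
SAMPLE_KEEPALIVE = NAT_KEEPALIVE
SAMPLE_IKE = NON_ESP_MARKER + ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, 0, 0x10, 2, 0, 0, ISAKMP_HDR.size)
SAMPLE_ESP = struct.pack("!II", 0xDEADBEEF, 1) + b"\x00" * 16
SAMPLE_TRUNCATED = SAMPLE_IKE[:-4]  # last 4 bytes lost in transit


def triage(payloads):
    """Return one line per payload, marking the ones a peer would reject."""
    lines = []
    for p in payloads:
        try:
            lines.append(f"ok   {classify_natt_payload(p)['kind']}")
        except ValueError as e:
            lines.append(f"BAD  {e}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage([SAMPLE_KEEPALIVE, SAMPLE_IKE, SAMPLE_ESP, SAMPLE_TRUNCATED])))
```

Feed it the UDP payloads from a tcpdump capture taken on both sides of the m0n0wall box; a packet that classifies cleanly on the LAN side and as BAD on the WAN side points at the NAT device rather than the Windows client.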