 From:  "Polus, Tomasz" <tomek at polvision dot com dot pl>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  FW: m0n0wall blocks incoming UDP 500
 Date:  Tue, 14 Mar 2006 23:34:40 +0100
Come on guys, I don't believe m0n0wall working as a NAT gateway cannot
pass returning UDP 500 packets.... Isn't it what a stateful firewall
is all about??

Please share your opinions. Thank you.

-- 
Tomasz Polus

> -----Original Message-----
> From: Polus, Tomasz 
> Sent: Monday, March 13, 2006 9:17 AM
> To: 'm0n0wall at lists dot m0n0 dot ch'
> Subject: m0n0wall blocks incoming UDP 500
> 
> Hello,
> 
> My home computer is located behind m0n0wall, which is 
> connected directly to Internet (public IP).
> At work, I have a Linksys RV042 router, which is also 
> connected directly to Internet (public IP).
> 
> During the last couple of months, I've been using Linksys QuickVPN 
> software to establish VPN connection from home computer to 
> Linksys router at work.
> EVERYTHING was working great. Until I changed Linux based 
> firewall into m0n0wall. Same hardware, new software :) 
> Nothing else was changed - just switching to m0n0wall.
> 
> I prefer m0n0wall, because it has many great features, it's 
> easy to use, small, fast and it boots from CD. However, this 
> simple VPN problem is driving me nuts....
> 
> I've been doing some research (logs, sniffers) and it looks 
> like m0n0wall is blocking returning UDP 500 packets, so IKE 
> negotiation (main mode) is not successful. I found similar 
> problems here in mailing list archive, but no final answer.
> Tried enabling IPSEC on m0n0wall. Tried passing through ESP 
> (IP50), AH (IP51), UDP 500, 4500 at m0n0wall firewall. Tried 
> to forward UDP 500,4500 from m0n0wall directly to my home 
> computer. Nothing worked. Finally I tried putting a "pass all 
> traffic in both directions" rule to make sure nothing is 
> blocked. And it still doesn't work!
> 
> In my sniffer, I can see that UDP 500 packets go out but no 
> packets are coming back, while on previous Linux router 
> everything was OK.
> 
> Currently my m0n0wall firewall/NAT configuration is the same 
> as default. I suppose this VPN connection should be working 
> like a charm, so what's going on?
> Please help... Thank you.
> 
> --
> Tomasz Polus
>