Come on guys, I don't believe m0n0wall working as a NAT gateway cannot
pass returning UDP 500 packets.... Isn't it what a stateful firewall
is all about??
Please share your opinions. Thank you.
--
Tomasz Polus
> -----Original Message-----
> From: Polus, Tomasz
> Sent: Monday, March 13, 2006 9:17 AM
> To: 'm0n0wall at lists dot m0n0 dot ch'
> Subject: m0n0wall blocks incoming UDP 500
>
> Hello,
>
> My home computer is located behind m0n0wall, which is
> connected directly to Internet (public IP).
> At work, I have a Linksys RV042 router, which is also
> connected directly to Internet (public IP).
>
> During last couple months, I've been using Linksys QuickVPN
> software to establish VPN connection from home computer to
> Linksys router at work.
> EVERYTHING was working great. Until I changed Linux based
> firewall into m0n0wall. Same hardware, new software :)
> Nothing else was changed - just switching to m0n0wall.
>
> I prefer m0n0wall, because it has many great features, it's
> easy to use, small, fast and it boots from CD. However, this
> simple VPN problem is driving me nuts....
>
> I've been doing some research (logs, sniffers) and it looks
> like m0n0wall is blocking returning UDP 500 packets, so IKE
> negotiation (main mode) is not successful. I found similar
> problems here in mailing list archive, but no final answer.
> Tried enabling IPSEC on m0n0wall. Tried passing through ESP
> (IP50), AH (IP51), UDP 500, 4500 at m0n0wall firewall. Tried
> to forward UDP 500,4500 from m0n0wall directly to my home
> computer. Nothing worked. Finally I tried putting a "pass all
> traffic in both directions" rule to make sure nothing is
> blocked. And it still doesn't work!
>
> In my sniffer, I can see that UDP 500 packets go out but no
> packets are coming back, while on previous Linux router
> everything was OK.
>
> Currently my m0n0wall firewall/NAT configuration is the same
> as default. I suppose this VPN connection should be working
> like charm, so what's going on?
> Please help... Thank you.
>
> --
> Tomasz Polus
>
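The question in the thread is whether a stateful gateway should pass the returning UDP 500 packets. The following is an added example, not code from the thread or from m0n0wall: it models the reply-matching rule a stateful NAT applies to UDP and runs it over constructed traces (placeholder addresses) shaped like the sniffer observation above, so you can see which inbound packets such a rule would credit as replies and which it would treat as unsolicited.

```python
# Added example, not from the original thread or from m0n0wall. It models
# the reply-matching rule a stateful NAT gateway applies to UDP and runs
# it over constructed traces. Addresses are documentation placeholders.
from collections import namedtuple

# direction is "out" (LAN -> Internet) or "in" (Internet -> LAN) as seen
# on the gateway's WAN interface, i.e. after NAT has rewritten the source.
Packet = namedtuple("Packet", "direction proto src sport dst dport")


def ike_flow_status(packets, port=500):
    """Map each outbound UDP `port` flow to whether a matching reply was seen.

    A stateful firewall passes an inbound UDP packet only if it exactly
    reverses the 4-tuple of a request already in its state table; anything
    else is unsolicited and is dropped by the default policy.
    """
    flows = {}
    for p in packets:
        if p.proto != "udp":
            continue
        if p.direction == "out" and p.dport == port:
            flows.setdefault((p.src, p.sport, p.dst, p.dport), False)
        elif p.direction == "in":
            key = (p.dst, p.dport, p.src, p.sport)  # reverse of the request
            if key in flows:
                flows[key] = True
    return flows


def unanswered_flows(packets, port=500):
    """Outbound flows for which no matching reply ever arrived."""
    return [f for f, ok in ike_flow_status(packets, port).items() if not ok]


# Constructed trace matching the post: two IKE main-mode attempts leave
# the gateway's WAN address, nothing comes back from the office router.
OBSERVED = [
    Packet("out", "udp", "203.0.113.10", 500, "198.51.100.20", 500),
    Packet("out", "udp", "203.0.113.10", 500, "198.51.100.20", 500),
]
# Constructed working case: the responder answers from port 500 to 500.
HEALTHY = OBSERVED + [Packet("in", "udp", "198.51.100.20", 500, "203.0.113.10", 500)]
# Constructed mismatch: an inbound packet whose ports do not reverse the
# request; a strict state match does not credit it as a reply.
MISMATCHED = OBSERVED + [Packet("in", "udp", "198.51.100.20", 4500, "203.0.113.10", 500)]

if __name__ == "__main__":
    for name, trace in (("observed", OBSERVED), ("healthy", HEALTHY), ("mismatched", MISMATCHED)):
        print(name, "unanswered:", unanswered_flows(trace))
```

Running a real capture through the same logic (one tuple per packet on the WAN side) tells you whether the missing replies never arrived at the interface at all, which points upstream of the firewall, or arrived but failed the state match.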