Re: [m0n0wall] Random lack of Dataflow over IPSEC VPN

From:	Bjoern Euler <lists at edain dot de>
To:	m0n0wall at lists dot m0n0 dot ch
Cc:	jai at innaloo dot net
Subject:	Re: [m0n0wall] Random lack of Dataflow over IPSEC VPN
Date:	Thu, 21 Dec 2006 22:15:58 +0100

On 21.12.2006 15:08 Jai Ketteridge wrote:
> still doesnt work. During the time that the link works I can ping the other
> firewalls LAN IP by pinging it from the monowall ping command and setting
> the ping to go via the LAN (not WAN). 
Mmh, without Racoon reporting errors I doubt that it's a problem within 
IPSec.

I still suspect the D-Link to be the troublemaker...
Well, I would trace for ESP packets on the WAN side of the M0n0wall in 
Singapore while doing the ping as described above.
Unfortunately (in this case) M0n0wall auto-adds the required IP Filter 
rules without logging so you could not easily get your hands on the 
packets through filter logging with m0n0.

Does the Dlink have a trace/tcpdump thing or do you have any other 
devices in the segment between m0n0s WAN and the Dlink for tracing?

Do you have contacted the provider of the line in Singapore to rule out 
any problems from them?

Regards
-Bjoern