Ive been monitoring the WAN connection in Singapore and it appears to be
fine (ie not dropping out).
Im wondering if its now worth upgrading to 1.32b so that I can enable NAT-T
on the IPSEC connection to Osborne Park ?
Other than that Ive setup a few test VPNs between 3 sites and I actually
find on all of them that pinging and dataflow tends to stop quite often. The
SAD and SPD are always correct but there is simply no dataflow at all from
what I can tell.
I just upgraded one firewall to 1.32b over the net and it toasted itself so
Im not going to try that anytime soon with the singapore one!
From: Bjoern Euler [mailto:lists at edain dot de]
Sent: Friday, 22 December 2006 6:16 AM
To: m0n0wall at lists dot m0n0 dot ch
Cc: jai at innaloo dot net
Subject: Re: [m0n0wall] Random lack of Dataflow over IPSEC VPN
On 21.12.2006 15:08 Jai Ketteridge wrote:
> still doesnt work. During the time that the link works I can ping the
> firewalls LAN IP by pinging it from the monowall ping command and setting
> the ping to go via the LAN (not WAN).
Mmh, without Racoon reporting errors I doubt that it's a problem within
I still suspect the D-Link to be the troublemaker...
Well, I would trace for ESP packets on the WAN side of the M0n0wall in
Singapore while doing the ping as described above.
Unfortunately (in this case) M0n0wall auto-adds the required IP Filter
rules without logging so you could not easily get your hands on the
packets through filter logging with m0n0.
Does the Dlink have a trace/tcpdump thing or do you have any other
devices in the segment between m0n0s WAN and the Dlink for tracing?
Do you have contacted the provider of the line in Singapore to rule out
any problems from them?