|
||||||||
Ive been monitoring the WAN connection in Singapore and it appears to be fine (ie not dropping out). Im wondering if its now worth upgrading to 1.32b so that I can enable NAT-T on the IPSEC connection to Osborne Park ? Other than that Ive setup a few test VPNs between 3 sites and I actually find on all of them that pinging and dataflow tends to stop quite often. The SAD and SPD are always correct but there is simply no dataflow at all from what I can tell. I just upgraded one firewall to 1.32b over the net and it toasted itself so Im not going to try that anytime soon with the singapore one! Arg! JK -----Original Message----- From: Bjoern Euler [mailto:lists at edain dot de] Sent: Friday, 22 December 2006 6:16 AM To: m0n0wall at lists dot m0n0 dot ch Cc: jai at innaloo dot net Subject: Re: [m0n0wall] Random lack of Dataflow over IPSEC VPN On 21.12.2006 15:08 Jai Ketteridge wrote: > still doesnt work. During the time that the link works I can ping the other > firewalls LAN IP by pinging it from the monowall ping command and setting > the ping to go via the LAN (not WAN). Mmh, without Racoon reporting errors I doubt that it's a problem within IPSec. I still suspect the D-Link to be the troublemaker... Well, I would trace for ESP packets on the WAN side of the M0n0wall in Singapore while doing the ping as described above. Unfortunately (in this case) M0n0wall auto-adds the required IP Filter rules without logging so you could not easily get your hands on the packets through filter logging with m0n0. Does the Dlink have a trace/tcpdump thing or do you have any other devices in the segment between m0n0s WAN and the Dlink for tracing? Do you have contacted the provider of the line in Singapore to rule out any problems from them? Regards -Bjoern |