> - NAT-T support for IPsec VPN
I have similar configuration.
monowall-1 debian monowall-2
int1/pub1 <-> pub2/int2 <-> mono2-ext/mono2-int
monowall-1 - mobile/nat-t/RSA 1024-bit
monowall-2 - tunnel/nat-t/RSA 1024-bit
(1) Tunnel goes up. It is possible to ping IP addresses
on other sides (works both directions).
If I start Remote Desktop in net "int1" and try to connect
to net "mono2-int" then monowall 2 has the following entries
in firewall log about UDP (no port!):
DROP WAN <IP pub1> <IP mono2-ext> UDP
On IPsec/SAD page I see the following output:
Source Destination
Invalid extension
Invalid extension
regards,
Marek