On 4/25/07, Aaron Cherman <aaronc at morad dot ab dot ca> wrote:
> I did try that but it did not help. I also tried allowing all traffic in on
> the WAN interface destined for the public IP he is routed.
That's adequate for every VPN client I know of on 1.2x. I know you
were having issues with 1.2x freezing up in your environment, but is
there any way you can temporarily downgrade to 1.231 and see if the
same config works with it? You can use the firmware upgrade to load
1.231 from 1.3b1, and upgrade back to 1.3b when you're finished.
This post from Paul Taylor makes me wonder if ipf 4.x has NAT or
firewall issues that occur in some relatively uncommon setups.
which is why I suggest the relatively drastic step of downgrading
temporarily. That and I'm not sure what else to suggest.