 
 From: 
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Re: IPSEC Mobile Clients Error
 Date:  Sat, 6 Oct 2007 00:49:45 +0300
I built a test case like this:

WinXP2 - VPN server (m0n0) - <public net> - JustFirewall (m0n0) - VPN NAT-T client (m0n0) - WinXP2

All 3 m0n0walls are based on: cdrom-1.3b4.iso

"VPN server" is configured to serve "mobile clients".
"VPN NAT-T client" is configured to establish a tunnel using NAT Traversal.

Everything works well (tunnel is established, ping works both directions, ...) until the packets get bigger than 1410 bytes.

"ping <ip> -l 1411" (to ping from WinXP2 to WinXP1) produces "Request timed out." and at the same time I can see that UDP packets are dropped by node "JustFirewall".
(There is only 1 firewall rule on the LAN and WAN interfaces that enables any Source to any Destination, and "Allow fragmented packets" is checked. Also System-->Advanced setup-->Allow fragmented IPsec packets is checked.)

It seems I face the same problem that is described here:
http://forum.m0n0.ch/index.php/topic,30.0.html

regards,
Marek.