"Kristian Shaw" <monowall at wealdclose dot co dot uk> wrote in message
> In your example, vm3 is acting as a router. In it's default configuration,
> it will drop fragmented packets which will break the VPN from vm2 to vm4,
> so did you allow fragments in the rules that let traffic pass from
> LAN->WAN and WAN->LAN?
> Ideally, vm3 would just be a router, without running any sort of firewall
> at all.
In sandbox setup there is everything enabled on any interface (including
On every m0n0wall:
- System: Advanced setup: "Allow fragmented IPsec packets" is checked
- there is 1 rule on every interface that allows "any -> any" (Allow
fragmented packets is checked)