 From:  "Marek Läll" <marek dot lall at neti dot ee>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Re: AW: Problem with IPSec VPN Tunnel - MTU-Size?
 Date:  Thu, 14 Feb 2008 22:53:00 +0200
"Kristian Shaw" <monowall at wealdclose dot co dot uk> wrote in message 
> In your example, vm3 is acting as a router. In its default configuration, 
> it will drop fragmented packets which will break the VPN from vm2 to vm4, 
> so did you allow fragments in the rules that let traffic pass from 
> LAN->WAN and WAN->LAN?
> Ideally, vm3 would just be a router, without running any sort of firewall 
> at all.

In the sandbox setup everything is enabled on any interface (including 
fragmented packets).

On every m0n0wall:
- System: Advanced setup: "Allow fragmented IPsec packets" is checked
- there is 1 rule on every interface that allows "any -> any" (Allow 
fragmented packets is checked)