 From:  Bob Gustafson <bobgus at rcn dot com>
 To:  Monowall Support List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] 1.3b10 ipsec interface
 Date:  Sat, 15 Mar 2008 15:25:01 -0500
As a help, you could configure your WAN interface to go to another
(your) computer. Configure a DHCP server on (your) other computer so
that it 'looks' like a WAN out to the wide world.

Then you can look at packets going in and out the WAN port (with windump
on your other computer) and if you have windump on your LAN computer,
you can see things going in and out there.

You can also use the serial cable to tweak things as necessary.

I am currently moving along with a similar (but more difficult - only
have one ethernet port on ALIX board..) setup.

On Sat, 2008-03-15 at 03:38 -0400, Adam Gibson wrote:
> I have a VPN going from a remote firewall to an opt interface on
> m0n0wall and am currently experiencing problems with packets that need to
> be fragmented.  I can see from windump on the desktop that a packet is
> being sent from the desktop on the m0n0wall opt1 subnet that would need
> to be fragmented but the desktop just keeps retransmitting it (Remote
> Desktop protocol).  Does the new ipsec stuff with the ipsec interface
> only apply for tunnels that use the LAN as the subnets?
> I also read the changelog where it mentions the firewall rules page for 
> the ipsec interface can be used to control access through the VPNs.  I 
> enabled logging on that default rule (and enabled fragmentation on it) but
> none of my vpn traffic is being logged by that rule.  I have to use a 
> rule on the opt interface to get traffic to pass.  Could this be why the 
> MTU issues are still around for me (because the ipsec interface is only 
> for the lan interface?).
> Also if anyone knows where to get an image of b10 with tcpdump or a 
> static build of tcpdump that I could upload with exec.php it would be 
> appreciated.  Trying to troubleshoot without tcpdump is not fun.