[ previous ] [ next ] [ threads ]
 
 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem with using vpn-1 Securemote client.
 Date:  Fri, 18 Apr 2008 22:47:48 +0100
Hi,

In message <48088387 dot 3972 dot 955DF3 at rlpumphrey dot 1mage dot com>, Robert Pumphrey
<rlpumphrey at 1mage dot com> writes
>I have a problem with using VPN-1 SecurRemote client.
>I'm using Monowall 1.23 on a standard
>I see in the firewall logs that the UDP connection is being blocked:
>
>X 10:52:03.371251 WAN 207.109.XX.XX 192.168.XX.XX UDP
>or the raw view:
>10:52:03.371251 xl1 @200:3 b 207.109.XX.XX -> 192.168.XX.XX PR udp len 20
>(224) (frag 14451:204@1480) K-S K-F IN
>On the WAN interface I have added two rules
>The first one allows UDP from 207.109.XX.XX any port, to our LAN on any port
>And second rule on the WAN interface allows any protocol from 207.109.XX.XX
>any port to our LAN on any port.
>So two questions.
>How do I tell which of the rules bocked the UDP connections?
>Why if I think I have rule allowing UDP is it still being blocked?

I don't follow how you've got this configured.  Do you have SecuRemote
on the LAN?

If so, you don't need to add any rules on the WAN interface, just on the
LAN interface to allow the SecuRemote traffic out.  As m0n0wall is
stateful it will automatically allow the replies.

The traffic is more than likely being dropped by fragmentation.  Tick
the 'Allow fragmented packets' option on the rule that lets the traffic
out (default LAN to any rule?) and you'll probably find it works fine.

I have SecuRemote working here with no problems.

HTH,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk