Re: [m0n0wall] Re: ipsec vpn starts one-way

From:	"Neil A. Hillard" <m0n0 at dana dot org dot uk>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Re: ipsec vpn starts one-way
Date:	Sat, 19 Apr 2008 18:04:07 +0100
Hi,

In message <1208623570 dot 3212 dot 14 dot camel at laptop dot localdomain>, Joe
<j dot commisso at verizon dot net> writes
>
>I just noticed that the site on the right has 22045 LAN collisions while
>the site on the left has 0.
>
>The site on the right also has an older LAN NIC and is at "10baseT/UTP
><half-duplex>". I think the LAN NIC is a 3com.

That in itself doesn't necessarily mean anything's wrong.  It may be
connected to a hub or a switch port that's been set to 10Mbps half
duplex.

If it's connected to a switch and there's a duplex mismatch then it's a
different matter and you may have to force it to full duplex in the
config.

HTH,


                                Neil.

>On Sat, 2008-04-19 at 12:11 -0400, Joe wrote:
>> As an added note on this, I don't know if I made myself too clear.
>> Being that the tunnel only forms when pinging from the left, this is a
>> big problem for us, since I can't do it during working hours because
>> users (on the right) sessions get severed.
>>
>> Our business structure has sessions initiating on the right end, but
>> m0n0wall only builds the tunnel when pinging from the left.
>> After that, everything seems fine.
>>
>> I don't know what added info to include on this issue, but will be glad
>> to provide it if needed.
>>
>> Thanks,
>> Joe
>>
>>
>>
>> On Fri, 2008-04-18 at 21:57 -0400, Joe wrote:
>> > Hi,
>> >
>> > I have an ipsec 1.3b10 - 1.3b11 tunnel running between two static IP
>> > addresses.
>> >
>> > I also have a m0n0wall server at home where I have a non-static DSL
>> > modem.
>> >
>> > When I power up my home systems, I check the home IP address of my
>> > m0n0wall server here. Then I log into one of the static IP m0n0wall ends
>> > of the tunnel and change the ipsec page to save my home IP address as a
>> > static IP end of a new tunnel.
>> >
>> > I save it. I "apply changes". Then I have a tunnel from home and I'm
>> > connected.
>> >
>> > The problem is that when I press "apply changes" to save the ipsec page,
>> > the original tunnel is severed and won't come up until something like a
>> > ping is issued from one end only.
>> >
>> > If something like a ping or telenet session is issued from the second
>> > end, it hangs until the tunnel is brought up from the first end.
>> >
>> > Any help would be appreciated. m0n0wall is appreciated.
>> >
>> > Joe
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk