From: Brian N. <pro...@ya...> - 2007-02-07 05:42:55
OK, umm, tried NAT-T -- no good. It might be the Linksys clients, but they seem to support NAT-T in the documentation.

Is there some kind of option on the interfaces that might be causing this? Maybe the traffic control? Does listing that machine as a provider have strange consequences?

I've even tried (possibly foolishly) to insert in front rules to DNAT -- no luck. Then I tried marking and then DNAT'ing. Nope. The server still rejects.

I've determined that it may very well be that this server hates me or I am the victim of international mental terrorism/torture.

I'm going to give installing on the firewall a shot, but that mucks up my architecture badly between owners of equipment in this data center.

---moving VPN to firewall was successful, but highly undesirable---

Arrrrg, I don't want to move all those construction guys to OpenVPN because they are too stupid to use it, even with the cute GUI.

Many thanks again, Tom.

Tom Eastep <te...@sh...> wrote:

Brian Neu wrote:
> tried this once before on: Date: Fri, 2 Feb 2007 09:43:28 -0800 (PST)
>

I don't understand why you are seeing the behavior that you are seeing. OTOH, NAT-T was invented for a reason (the reason being that NAT of IPSEC doesn't work reliably). So I suggest that you implement NAT-T between these gateways or move the local gateway to the firewall system.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Shorewall-users mailing list
Sho...@li...
https://lists.sourceforge.net/lists/listinfo/shorewall-users