Tom,

For IPSec to properly work, the Firewall must be enabled; as such, the ipsec-vpn firewall plugin will automatically be enabled to do its magic.

Before enabling the firewall, be sure to allow traffic in. You could start with Network tab -> Firewall Configuration, minimally add:
--
Pass EXT->Local TCP/UDP 0/0 0-65535
--
Then enable the firewall and "Restart Firewall" to start it.

Note, the IPSec traffic, including ESP (50), is automatically allowed with the ipsec-vpn plugin.

Give that a try and see if it solves your problem.

It is assumed you are NAT forwarding ESP (50), UDP 500 and UDP 4500 to the AstLinux box.

Lonnie

On Oct 3, 2012, at 11:54 PM, Tom Rhodes wrote:

> The VPN works on iOS 5 and 6 and Windows 7 but only from the external client
> to the astlinux server. I cannot connect to any devices on the same subnet
> such as the web interface to my router using an IP address or to the outside
> world using a FQDN or IP address.
>
> The astlinux server is behind a NAT router, only uses one Ethernet interface
> and the astlinux firewall is disabled. The astlinux server is directly wired
> to the router.
>
> I have run tcpdump from the astlinux server. When I browse from the client
> remotely to the router's web page using an IP address I can see the IPSec
> frames from the outside IP address and SYNs from the IP address of the base
> IPSec range to the IP address of the router. Both are on the same subnet. I
> never see a response from the router. Sniffing the wire between the astlinux
> server and the router, I can see the IPSec frames but I don't see the SYN
> frames from the astlinux server to the router.
>
> At a minimum, I'd like to be able to connect to devices on the local subnet.
> I'd eventually like to tunnel through the astlinux server to the outside
> world.
>
> Have I missed something or is this working as designed?
>
> Thanks
> Tom
