Lonnie,

Yes, it works perfectly now. Who would have thought turning the firewall *on* would have solved the problem?

The only minor issue was that the ipsec-vpn firewall plugin was not automatically enabled. That probably would have happened automatically if the firewall had been on when I first configured the IPSec VPN.

Thanks again, I never would have been able to figure that out on my own.

Tom

Lonnie wrote:
> Tom,
>
> For IPSec to properly work, the Firewall must be enabled, as such the
> ipsec-vpn firewall plugin will automatically be enabled to do its magic.
>
> Before enabling the firewall, be sure to allow traffic in, you could start
> with Network tab -> Firewall Configuration, minimally add:
> --
> Pass EXT->Local TCP/UDP 0/0 0-65535
> --
> Then enable the firewall and "Restart Firewall" to start it. Note, the IPSec
> traffic, including ESP (50) is automatically allowed with the ipsec-vpn
> plugin.
>
> Give that a try and see if it solves your problem.
>
> It is assumed you are NAT forwarding ESP (50), UDP 500 and UDP 4500 to the
> AstLinux box.
>
> Lonnie
>
>
> On Oct 3, 2012, at 11:54 PM, Tom Rhodes wrote:
>
>> The VPN works on iOS 5 and 6 and Windows 7 but only from the external client
>> to the astlinux server. I cannot connect to any devices on the same subnet
>> such as the web interface to my router using an IP address or to the outside
>> world using a FQDN or IP address.
>>
>> The astlinux server is behind a NAT router, only uses one Ethernet interface
>> and the astlinux firewall is disabled. The astlinux server is directly wired
>> to the router.
>>
>> I have run tcpdump from the astlinux server. When I browse from the client
>> remotely to the router's web page using an IP address I can see the IPSec
>> frames from the outside IP address and SYNs from the IP address of the base
>> IPSec range to the IP address of the router. Both are on the same subnet. I
>> never see a response from the router. Sniffing the wire between the astlinux
>> server and the router, I can see the IPSec frames but I don't see the SYN
>> frames from the astlinux server to the router.
>>
>> At a minimum, I'd like to be able to connect to devices on the local subnet.
>> I'd eventually like to tunnel through the astlinux server to the outside
>> world.
>>
>> Have I missed something or is this working as designed?
>>
>> Thanks
>> Tom
