Thanks for the pointer, Eric. I'm assuming that you indicate this as a possible solution to a high level of traffic or high count of connections, but I doubt this would be the problem for us.
We have only 20-30 computers behind this firewall which seems like a fairly low number in the scheme of things.

I'll take a look at this though.

Thanks!

Richard

> -----Original Message-----
> From: Eric Spakman [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 06, 2005 1:13 PM
> To: Richard Amerman
> Cc: Arne Bernin; Leaf-User
> Subject: RE: [leaf-user] Bering uClibc IPSEC VPN issues
>
> Hello Richard,
>
> Not sure if this is your problem, but did you take a look at:
> http://leaf.sourceforge.net/doc/guide/bucu-conntrack.html
>
> Eric
>
> > Thanks for the reply Arne,
> >
> >> -----Original Message-----
> >> From: Arne Bernin [mailto:[EMAIL PROTECTED]
> >>
> >> I do not really understand what your Problem is. Maybe you could
> >> explain it a bit more... You have Problems after reboot or you fix
> >> the problems with a reboot ? You are using standard IPSEC for this
> >> connection (no nat-t) ?
> >
> > We are using the NetScreen-Remote client from behind our firewall to
> > connect to a remote NetScreen Firewall/VPN box at our hosting
> > facility.
> >
> > Was working fine.
> >
> >> What exactly is going wrong ? Are you using masquerading ?
> >
> > Everything is masqueraded behind the firewall so we are using Nat-T
> > and the NetScreen client does seem to be using this.
> >
> > When things do not go OK some of the symptoms are that the firewall
> > still recognizes that there is a connection from the client in
> > question to the remote VPN box so no entry is written in the FW log
> > (we have all Policies logging for now to help troubleshoot). I have
> > used Snort (installed on the firewall) to sniff the traffic to the VPN
> > client when it is trying to connect and it is getting packets from the
> > remote VPN box but appears to be ignoring them.
> >
> > This seems to me to be some case of Nat-T not working properly, the
> > UDP packets being munged in a way that is not working with the client,
> > or other similar issues. The problem is that sometimes it works for a
> > while then it doesn't for a bit. Very inconsistent.
> >
> > Richard
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by:
> > Power Architecture Resource Center: Free content, downloads,
> > discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl
> > ------------------------------------------------------------------------
> > leaf-user mailing list: [email protected]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> > Support Request -- http://leaf-project.org/
