Hi, I've got a bit of a different situation here -- I need to use Cisco's VPN client ["Cisco Systems VPN Client Version 3.0.8"] to tunnel packets through to my corporate net. All help greatly appreciated.

I've gotten my test crash down to a repeatable sequence, but it takes a bit to describe. My Linux development machine is the gateway, with a PPP connection to the Internet. The packets I'm tunnelling originate on a Windows machine on my local net, are masqueraded by the Linux machine and are ESP-wrapped by the VPN client running on the Linux machine.

[I can't tunnel from the Windows box: that client tunnels everything, and the application I'm running must talk to another machine on the local net, in the clear. Only packets destined for a license server on the corporate net must be tunneled. I don't have the source for the Windows client.]

IP masq works -- without the VPN client running I seem to have full connectivity on the Windows box. Because I have to keep that VPN client up but don't want to tunnel everything on my Linux gateway through to the corporate net, I've patched it to be more discriminating -- tunnel only a couple of nets, pass the rest in the clear. This seems to work. And IP masq from the Windows box through the VPN client works -- most of the time. I can telnet from the Windows machine into a server at our headquarters and issue simple commands.

The Linux gateway, running the IP masq and VPN client code, locks up hard (requires a reset) if it receives packets which are too large -- I can reliably repeat the problem by telnet-ing into a server and doing a simple ps aux; that much output that fast locks things up. I've patched the Cisco net driver to show me packet sizes, and the lockup happens when it receives packet sequences of 1500 bytes followed by 72-byte fragments.

It's as though the MTU/MRU settings for ppp0: aren't being respected by the IP masq code. [With the VPN client running on the Linux gateway:] If I run the test telnet session on the gateway, packet sizes are cut back to accommodate the VPN overhead and no lockup occurs; packet sequences of 1456 + 52 bytes are received, accommodating the VPN overhead and respecting the MTU set for ppp0. If I run the test telnet session on the Windows machine, then the packet sizes seem to revert to 1500 + 72 byte sequences, ignoring the MTU set for ppp0... I've tried to restart the firewall prior to the test, but this has no effect. The result is a hard lockup of the Linux gateway.

My kernel is an unpatched 2.4.7-10, iptables v1.2.6a, configured for basic firewall operation (the initial or test configuration) as in the HOWTO.

Again, thanks for sticking with me, and all help greatly appreciated.

Mark
--
Mark Pilon
Minolta-QMS
P.O. Box 37
325 Dawson County Road 227
Fallon, MT. 59326-0037
1-406-486-5539 (primary voice line)
1-406-853-0433 (cell)
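The size pattern above (forwarded packets arriving as 1500 bytes plus a small fragment, locally originated ones fitting once the tunnel overhead is subtracted) is what happens when a masqueraded host sizes its TCP segments from its own LAN MTU rather than from the gateway's tunnel. The model below is an added example, not the poster's code; it assumes a 1500-byte ppp0 MTU and a 44-byte tunnel overhead inferred from the 1500 to 1456 cut the poster saw for local traffic (real ESP overhead depends on cipher, IV and padding, so it does not claim to reproduce the exact 72-byte fragment).

```python
"""Why forwarded packets fragment after ESP wrapping, and the MSS that avoids it.
Assumed figures (constructed for this example): link MTU 1500 on ppp0,
tunnel overhead 44 bytes, minimal 20-byte IP and TCP headers."""

IP_HDR = 20
TCP_HDR = 20
FRAG_UNIT = 8  # IPv4 fragment offsets are counted in 8-byte units


def fragment(total_len, mtu, ip_hdr=IP_HDR):
    """On-wire sizes of the IP fragments a packet of total_len bytes becomes
    when it must cross a link with the given MTU (single packet if it fits)."""
    if total_len <= mtu:
        return [total_len]
    payload = total_len - ip_hdr
    per_frag = ((mtu - ip_hdr) // FRAG_UNIT) * FRAG_UNIT  # largest 8-aligned chunk
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(chunk + ip_hdr)  # every fragment carries its own IP header
        payload -= chunk
    return sizes


def wire_fragments(inner_len, tunnel_overhead, link_mtu):
    """Wrap an inner IP packet in the tunnel, then fragment it for the link."""
    return fragment(inner_len + tunnel_overhead, link_mtu)


def clamp_mss(link_mtu, tunnel_overhead):
    """Largest TCP MSS whose full segment still fits the tunnel unfragmented."""
    return link_mtu - tunnel_overhead - IP_HDR - TCP_HDR


def forwarded_vs_clamped(lan_mtu, link_mtu, tunnel_overhead):
    """Fragments seen for a LAN host's default MSS versus the clamped MSS.
    The LAN host derives its MSS from its own MTU and knows nothing of ppp0."""
    lan_mss = lan_mtu - IP_HDR - TCP_HDR
    clamped = clamp_mss(link_mtu, tunnel_overhead)
    return {
        "unclamped": wire_fragments(lan_mss + IP_HDR + TCP_HDR, tunnel_overhead, link_mtu),
        "clamped": wire_fragments(clamped + IP_HDR + TCP_HDR, tunnel_overhead, link_mtu),
    }


if __name__ == "__main__":
    print(forwarded_vs_clamped(1500, 1500, 44))
    print("clamp MSS to", clamp_mss(1500, 44))
```

On a Linux gateway the "clamped" case is what an MSS clamp on the FORWARD path produces (for example iptables' TCPMSS target with --clamp-mss-to-pmtu on SYN packets), so forwarded sessions are sized like the gateway's own.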
