On Sun, Aug 03, 2003 at 07:41:37PM -0300, Julian Escaglia wrote:
> The Checkpoint vpn client (secure remote) seems to be the problem with the
> checksum error.
Same question: why is pf seeing any plaintext packets instead of ipsec
encapsulated ones? If you create a vpn connection with pf not bei
On Mon, Aug 04, 2003 at 03:38:18PM +1000, Craig Barraclough wrote:
> *I'm running ipsec between the machines (same config as used with other boxes,
> with no connection breakage)
Well, then the obvious question is why pf sees a plain TCP packet, isn't
it supposed to be ipsec encapsulated?
Check
Hi All,
Just some more info to help:
*flags keyword is not used
*this can happen in the middle of my using a ssh session
*optimization is set to normal
*this is inside a LAN
*I'm running ipsec between the machines (same config as used with other boxes,
with no connection breakage)
*adpative timeou
On Mon, Aug 04, 2003 at 02:55:08PM +1000, Craig Barraclough wrote:
> Hi all,
> I've got a strange occurence with connection to one of my boxes, during ssh
> connections, I'll quite commonly have the connection freeze then drop, with
> an entry in pflog:
> Followed by a series of (13) resets:
Hi all,
I've got a strange occurence with connection to one of my boxes, during ssh
connections, I'll quite commonly have the connection freeze then drop, with
an entry in pflog:
Aug 04 14:46:53.753157 rule 5/0(match): block in on dc0: se.r.v.er.22 >
de.sk.to.p.25414: P 738304278:738304310(32) a
You're right, its Citrix Metaframe. I tried the new client and that's not
the problem.
The Checkpoint vpn client (secure remote) seems to be the problem with the
checksum error.
I tried diferent versions but they all work the same way, i don't know if
they do that on purpose or its a bug (featur
On Sun, Aug 03, 2003 at 10:02:18PM +0200, Saad Kadhi wrote:
> The gw is running 3.3-stable as of 20030714 (userland && kernel). The
> patch that Daniel asked Ed Powers to apply is there. I rebuilded authpf
> just to make sure it's in there.
That patch is now part of -stable, make sure you didn't
Hello Trevor/Daniel,
Sorry for late reply I was on leave. When I only have a pass log rule and
telnet to 196.4.160.2 53 I get this:
23:18:54.694500 opium.co.za.4774 > apollo.is.co.za.domain: S
4194577793:4194577793(0) win 65535 (DF)
[tos 0x10]
23:18:54.694504 opium.co.za.4774 > apollo.is.co.za.d
Hi there folks,
I have a situation here that have similarities w/ the situation Ed
Powers had some time ago [1]. Here is a rough diagram of my network:
DMZ
|
|xl0
+-+
tun0|