OK, umm, tried NAT-T -- no good. It might be the Linksys clients, but they
seem to support NAT-T in the documentation.
Is there some kind of option on the interfaces that might be causing this?
Maybe the traffic control?
Does listing that machine as a provider have strange consequences?
I've even tried (possibly foolishly) too insert in front rules to DNAT -- no
luck. Then I tried marking and then DNAT'ing. Nope. The server still rejects.
I've determind that it may very well be that this server hates me or I am the
victim of international mental terrorism/torture.
I'm going to give installing on the firewall a shot, but that mucks up my
architecture badly between owners of equipment in this data center.
---moving VPN to firewall was successful, but highly undesirable---
Arrrrg, I don't want to move all those construction guys to OpenVPN because
they are too stupid to use it, even with the cute GUI.
Many thanks again Tom.
Tom Eastep <[EMAIL PROTECTED]> wrote: Brian Neu wrote:
> tried this once before on: Date: Fri, 2 Feb 2007 09:43:28 -0800 (PST)
>
I don't understand why you are seeing the behavior that you are seeing.
OTOH, NAT-T was invented for a reason (the reason being that NAT of IPSEC
doesn't work reliably). So I suggest that you implement NAT-T between these
gateways or move the local gateway to the firewall system.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
