From: Jason Opperisano <opie@817west.com>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: protocol 50 unreachable
Date: Thu, 2 Dec 2004 12:25:31 -0500
Message-ID: <20041202172531.GA5363@bender.817west.com>
In-Reply-To: <CACE583C-4474-11D9-A63B-0003939B51C0@grajagan.org>

On Thu, Dec 02, 2004 at 07:13:59AM -0800, Helge Weissig wrote:
> Jason,
> 
> 	my ESP packets do not go from the external interface to the internal 
> one and vice versa. The connection to the VPN server works when I hook 
> up directly with no changes other than the IP of the client. I cannot 
> see how this would be a problem with the VPN network at all.
> 
> h.

looking at your logs--all your ESP packets are from client->server.
you don't have a single ESP packet from server->client.  so when you
say, "my ESP packets do not go from the external interface..." you are
ignoring the fact that there are no ESP packets ever getting to your
external interface.

which brings me back to what i said several replies ago:

  your VPN server is discarding the ESP packets from your client as a
  result of the mangling of your intermediate NAT device.

either make the VPN server more tolerant, or use NAT-T on your client.

-j

--
"Ah, good ol' trustworthy beer. My love for you will never die."
        --The Simpsons
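
The check described in the message above (ESP logged client->server only, never server->client), as an added example that is not part of the original post: it tallies ESP packets per direction from netfilter LOG lines. The log lines, addresses, interface names and the `FWD` prefix are constructed sample data, not taken from the thread.

```python
import re
from collections import Counter

# Constructed sample in the netfilter LOG target's key=value format.
# Addresses are private/documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Dec  2 07:01:10 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=136 TTL=63 PROTO=ESP SPI=0x1a2b3c4d
Dec  2 07:01:11 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=136 TTL=63 PROTO=ESP SPI=0x1a2b3c4d
Dec  2 07:01:11 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=212 TTL=63 PROTO=UDP SPT=500 DPT=500 LEN=192
Dec  2 07:01:12 gw kernel: FWD IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.1.10 LEN=212 TTL=55 PROTO=UDP SPT=500 DPT=500 LEN=192
Dec  2 07:01:13 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=136 TTL=63 PROTO=ESP SPI=0x1a2b3c4d
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the key=value fields of one LOG line (first occurrence wins,
    so the IP-level LEN is kept over the later UDP LEN)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields


def esp_flows(log_text):
    """Count logged ESP packets per (SRC, DST) direction."""
    flows = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("PROTO") == "ESP" and "SRC" in f and "DST" in f:
            flows[(f["SRC"], f["DST"])] += 1
    return flows


def one_way_esp(log_text):
    """Return (src, dst, count) for peers whose ESP was logged in one
    direction only, i.e. no return ESP ever reached this box."""
    flows = esp_flows(log_text)
    return sorted((src, dst, n) for (src, dst), n in flows.items()
                  if (dst, src) not in flows)


if __name__ == "__main__":
    for src, dst, n in one_way_esp(SAMPLE_LOG):
        print(f"{n} ESP packets {src} -> {dst}, none in the reverse direction")
```

IKE on UDP 500 appears in both directions in the sample while ESP appears in only one, which is the pattern the reply points to.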

