[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Panics with IPsec tunnels
From:       Dave Ockwell-Jenner <doj () solar-nexus ! com>
Date:       2007-05-05 3:11:42
Message-ID: 463BF5EE.8020604 () solar-nexus ! com
[Download RAW message or body]

Darren Reed wrote:
> Dave Ockwell-Jenner wrote:
>   
>>   Yes, indeed. The relevant line from ipnat.conf is:
>>
>> map eri0 192.168.1.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
>>
>> udp port 500 is passed through the firewall, as well as ESP and AH
>> protocols, a-la:
>>
>> pass in log on eri0 proto udp from any to any port = 500 group 110
>> pass in log on eri0 proto esp from any to any
>> pass in log on eri0 proto ah from any to any
>>     
>
>
> With rules like that in ipf.conf, try running without the proxy line for
> ipsec.
>   
Well, I commented out the line for the ipsec proxy - and hey presto - a 
working VPN solution! Connected first time, and the tunnel has been up 
and running for 25 minutes or so without problem. Prior to that I was 
getting maybe 5-10 minutes tops.
> But I'm still interested in the crash dump :)
>
>   
Hope you got them OK :)

[prev in list] [next in list] [prev in thread] [next in thread]