[isf-wifidog] Huge problems with Cisco VPN (IPsec)

Max Horváth max.horvath at maxspot.de
Tue Jun 13 07:59:38 EDT 2006


So I've been using tcpdump to check what happens:

IP (tos 0x0, ttl  64, id 33541, offset 0, flags [none], length: 892) 10.22.11.176.500 > vpn.***.500: isakmp 1.0 msgid : phase 1 I agg: [|sa] (len mismatch: isakmp 848/ip 864)

Does anybody have an idea how to solve the len mismatch problem?

Cheers, Max!

Max Horváth wrote:

> Well,
>
> that's the funny part:
>
> to make it short - it works if you shut down the gateway.
>
> BUT!
>
> The internet connection as is only works if(!!!) the two lines in
> /etc/init.d/S45firewall
>
>    iptables -A FORWARD -i br0 -o br0 -j ACCEPT
>    iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
>
> get uncommented again. (They must be commented to ensure no port  
> being open before a client's authorization).
>
> So it works.
>
> If I start the wifidog gateway again (with those lines still  
> uncommented) connecting with the Cisco VPN client doesn't work :( ...
>
> So I guess we have to add iptables commands to the gateway to make  
> the VPN pass through work ...
>
> Cheers, Max
>
> Benoit Gregoire wrote:
>
>> On Sunday 11 June 2006 18:07, Max Horváth wrote:
>>> Well, in DD-WRT IPsec pass through works by loading the modules
>>> ip_conntrac_proto_gre and ip_nat_proto_gre ... I loaded them ... and
>>> I also added the iptables commands to the normal forward and input
>>> rule - but it doesn't work - I guess it must be done directly in the
>>> wifidog gateway ...
>>
>> Did it work with wifidog shutdown?
>>
>



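What the "len mismatch: isakmp 848/ip 864" note in the tcpdump line above compares, as an added example that is not part of the original message: the length field in the ISAKMP fixed header (RFC 2408) against the UDP payload size implied by the IP total length. The function names and the sample header are constructed for illustration, and a 20-byte IPv4 header without options is assumed.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1): 28 bytes, network byte order:
# initiator cookie, responder cookie, next payload, version, exchange type,
# flags, message ID, total length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE_TYPES = {1: "base", 2: "main", 4: "aggressive", 5: "informational"}
IPV4_HDR_LEN = 20  # assumption: no IP options
UDP_HDR_LEN = 8


def check_isakmp_length(udp_payload, ip_total_len):
    """Compare the ISAKMP length field with the UDP payload size implied by
    the IP total length (the two numbers in the 'len mismatch' note)."""
    if len(udp_payload) < ISAKMP_HDR.size:
        raise ValueError("capture too short for an ISAKMP header")
    (_init_cookie, resp_cookie, _next_payload, version,
     exch, _flags, _msg_id, isakmp_len) = ISAKMP_HDR.unpack_from(udp_payload)
    on_wire = ip_total_len - IPV4_HDR_LEN - UDP_HDR_LEN
    return {
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange": EXCHANGE_TYPES.get(exch, f"type {exch}"),
        # An all-zero responder cookie marks the initiator's first message.
        "initiator_first_msg": resp_cookie == bytes(8),
        "isakmp_len": isakmp_len,
        "udp_payload_len": on_wire,
        "extra_bytes": on_wire - isakmp_len,
        # True when the capture holds fewer bytes than were on the wire.
        "truncated_capture": len(udp_payload) < on_wire,
    }


def build_sample():
    """Constructed sample: v1.0, aggressive mode, first payload SA, length 848.
    Only the first 68 bytes are kept, as in a capture with a short snaplen."""
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, bytes(8), 1, 0x10, 4, 0, 0, 848)
    return (hdr + bytes(40))[:68]


if __name__ == "__main__":
    # 892 is the IP total length shown in the tcpdump line of the message.
    for key, value in check_isakmp_length(build_sample(), 892).items():
        print(f"{key}: {value}")
```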