Darren Reed wrote:
Dave Ockwell-Jenner wrote:
Yes, indeed. The relevant line from ipnat.conf is:
    map eri0 192.168.1.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
UDP port 500 is passed through the firewall, as well as ESP and AH
protocols, a la:
    pass in log on eri0 proto udp from any to any port = 500 group 110
    pass in log on eri0 proto esp from any to any
    pass in log on eri0 proto ah from any to any
With rules like that in ipf.conf, try running without the proxy line for
ipsec.
Well, I commented out the line for the ipsec proxy - and hey presto - a
working VPN solution! Connected first time, and the tunnel has been up
and running for 25 minutes or so without problem. Prior to that I was
getting maybe 5-10 minutes tops.
But I'm still interested in the crash dump :)
Hope you got them OK :)