Jeff Pitman wrote:
>
> --- Yan Seiner <[EMAIL PROTECTED]> wrote:
> > Is it possible that you are using UDP for the connection? (Sorry, I
> > missed the first part of the discussion).
>
> Yes! That was my problem, I need to use TCP. Kudos
> to bishop for a nice config tool to help start a
> standard configuration.

Glad to help... That one bit me a bunch of times. Now you have to watch out for those pesky tcp-over-tcp problems.

> > What's really needed on the client end is a vtun-conntrack iptables
> > module that says: hey, I just saw a vtun connection initiated to TCP
> > port X.
>
> I would like to use UDP, but considering the
> circumstances, that's not going to be possible. We
> use an Intel NetStructure VPN device and I doubt they
> have connection tracking going on. Though this does
> interest me quite a bit I might do some testing on my
> home network. Can't we just copy the ftp conntrack
> stuff over? Guess I need to open up the code...

Unless you are planning to use the work end as a client, you don't need conntrack on it. It's the server that connects back to the client using UDP.

I don't think you can use ftp_conntrack. It says something like, I just saw an ftp TCP control connection go out to IP x.y.z.a, so I'll let the next connection from x.y.z.a to a random TCP high port in.

What we need is a vtun conntrack that says, I just saw a TCP connection go out to x.y.z.a on port X, so I'll let the next connection to port X using UDP in.

The problem is compounded by the fact that vtun does not have an assigned port, so the module would have to be told what your vtun control port is.

What's really needed is a look at the vtun code, and change how it handles UDP. The server should never connect back to a client with modern firewalls. The client should connect using a known TCP port, then be told what UDP port to use.

Hey, I'm good at figuring out what needs to be done, but I would not know where to begin doing it. :-)

--Yan

--
Future fighter pilots:
Me: Akari, WHAT are you DOING?
Akari, age 3: Pushing the envelope.

5:49am up 7 days, 23:16, 16 users
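
The helper logic described in the message above, as an added user-space model (not part of the original message, and not netfilter or vtun code): an outbound TCP connection to the configured control port opens a one-shot pinhole for UDP from the same host to port X. The class name, the 30-second lifetime, port 5000 and the addresses are assumptions made for the example.

```python
import time


class VtunExpectTable:
    """Model of a hypothetical vtun conntrack helper (illustrative names only)."""

    def __init__(self, control_port, ttl=30.0, clock=time.monotonic):
        # vtun has no assigned port, so the helper must be told the control port.
        self.control_port = control_port
        self.ttl = ttl            # assumed lifetime of an unused expectation
        self.clock = clock
        self.expect = {}          # (peer_ip, udp_port) -> expiry time
        self.established = set()  # (peer_ip, peer_port, udp_port) flows admitted

    def outbound_tcp(self, dst_ip, dst_port):
        """Client opened a TCP connection; only the control port creates a pinhole."""
        if dst_port == self.control_port:
            self.expect[(dst_ip, dst_port)] = self.clock() + self.ttl

    def inbound_udp(self, src_ip, src_port, dst_port):
        """Return True if this inbound UDP packet should be accepted."""
        flow = (src_ip, src_port, dst_port)
        if flow in self.established:
            return True
        # One-shot: the expectation is consumed by the first matching packet.
        expiry = self.expect.pop((src_ip, dst_port), None)
        if expiry is None or self.clock() > expiry:
            return False
        self.established.add(flow)
        return True


def demo():
    """Replay a constructed packet sequence against the model."""
    now = [0.0]  # fake clock so the expiry case is deterministic
    fw = VtunExpectTable(control_port=5000, clock=lambda: now[0])
    fw.outbound_tcp("192.0.2.10", 5000)
    results = [
        fw.inbound_udp("198.51.100.7", 40000, 5000),  # other host: drop
        fw.inbound_udp("192.0.2.10", 40000, 5000),    # expected peer: accept
        fw.inbound_udp("192.0.2.10", 40001, 5000),    # second flow, pinhole used: drop
        fw.inbound_udp("192.0.2.10", 40000, 5000),    # established flow: accept
    ]
    fw.outbound_tcp("192.0.2.10", 5000)
    now[0] = 31.0                                      # past the assumed 30 s lifetime
    results.append(fw.inbound_udp("192.0.2.10", 40002, 5000))  # expired: drop
    return results


if __name__ == "__main__":
    print(demo())
```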
