[ VPN stuff concerning 3.3's NAT with ESP/AH ]
However, from one of these sites, you can use RDP, i.e. Terminal Services,
over the VPN cleanly. But from another, we cannot, i.e.
A -> 3.1 using RDP over VPN - OK
A -> 3.3 using RDP over VPN - OK
B -> 3.1 using RDP over VPN - OK
B -> 3.3 using RDP over VPN - FAILURE!!
But B can ping the W2K machine behind 3.3, and vice versa.
This is the second posting I've seen about RDP over a VPN traveling through a 3.3 box. Can you verify that it's actually using the tunnel, and not somehow skipping around it? Or is there any unusual traffic you notice from it?
Does anybody have any cute TCPDUMP commands on how I watch the VPN traffic? I use effectively
Tunnel activity can be seen with basic tcpdumping on an interface: tcpdump -nvi tun0
You could add a "host one.vpn.endpoint.address" at the end of that to limit what it shows.
Traffic inside an ESP tunnel can't be viewed from anywhere but the endpoints.
pass out log quick on $EXTERNALINTERFACE proto { udp, tcp, icmp } all
pass out log quick on $EXTERNALINTERFACE all
The packets pf passes will show up via tcpdump -eni pflog0 but they should be the same as what's going over the external interface.
Enabling misc debugging for pf (pfctl -xm) and watching /var/log/messages may be of use, but probably not. -xn to turn it off.
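As an added example, not posted by anyone in this thread: the question of whether the RDP session is really inside the tunnel or "skipping around it" can be answered by reading a capture of the external interface and checking that the only thing crossing it between the two gateways is ESP/AH, with no cleartext TCP 3389. The script below does that over a small constructed sample in the shape of tcpdump -n output (the line format is approximated, and the addresses are documentation ranges, not the original poster's hosts); it is a text post-processor, so it runs offline without root or a network interface.

```python
import re
from collections import Counter

# Regex for the "timestamp src > dst: payload" shape of tcpdump -n output.
# Assumption: this approximates the classic BSD tcpdump line format; it is
# not a complete tcpdump parser.
LINE_RE = re.compile(r"^\S+\s+(\S+)\s+>\s+(\S+):\s+(.*)$")

RDP_PORT = 3389  # TCP port used by Terminal Services / RDP


def split_host_port(endpoint):
    """Split 'a.b.c.d.port' (tcpdump -n style) into (host, port); port is None if absent."""
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None


def classify_line(line):
    """Return 'esp', 'ah', 'rdp-clear', 'other', or None when the line is not parseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, dst, payload = m.groups()
    if payload.startswith("ESP"):
        return "esp"          # encrypted tunnel traffic, as expected on the outside
    if payload.startswith("AH"):
        return "ah"           # authenticated-only tunnel traffic
    _, sport = split_host_port(src)
    _, dport = split_host_port(dst)
    if RDP_PORT in (sport, dport):
        return "rdp-clear"    # RDP visible in the clear: it bypassed the tunnel
    return "other"


def audit_capture(lines):
    """Count packet classes and collect any cleartext RDP lines seen on the outside."""
    counts = Counter()
    leaks = []
    for line in lines:
        kind = classify_line(line)
        if kind is None:
            continue
        counts[kind] += 1
        if kind == "rdp-clear":
            leaks.append(line)
    return counts, leaks


# Constructed sample of what "tcpdump -ni <external interface>" might show.
# Not a real capture: two ESP packets, one cleartext RDP SYN, one ping.
SAMPLE_CAPTURE = [
    "12:00:01.000000 192.0.2.10 > 198.51.100.20: ESP(spi=0x00001234,seq=0x1)",
    "12:00:01.050000 198.51.100.20 > 192.0.2.10: ESP(spi=0x00005678,seq=0x1)",
    "12:00:01.100000 192.0.2.10.49152 > 198.51.100.20.3389: S 1:1(0) win 16384",
    "12:00:01.200000 192.0.2.10 > 198.51.100.20: icmp: echo request",
]

if __name__ == "__main__":
    counts, leaks = audit_capture(SAMPLE_CAPTURE)
    print(dict(counts))
    for leak in leaks:
        print("RDP outside the tunnel:", leak)
```

On a healthy setup the outside interface shows only ESP (or AH) between the gateway addresses and the "rdp-clear" count stays at zero; the inner RDP packets are only visible on the tunnel interface at the endpoints, which is the point made above about not being able to see inside ESP anywhere else. Feed it real output with something like `tcpdump -nli <external interface> | python3 audit.py` after changing the script to read stdin instead of SAMPLE_CAPTURE.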