Richard Lyman scribbled on Friday, March 03, 2006 8:38 AM:

> Alrighty... here's some interesting news: (I hope this helps someone
> understand/guess what is going on) 
> 
> So. I think to run 'iftop' while I go through this process that I've
> been going through. 
> 
> I run 'iftop -i tun0' after I have the VPN connection established so
> that it only shows me traffic on the tun0 interface. 
> 
> I ping my work machine. It starts by showing lines with unresolved IP
> addresses - but it shows two. One is the ip of my machine at work,
> the other is a related ip that I haven't seen before. _Then_ it
> resolves the ip's to names... and guess what? It finds the name of my
> computer! It says what building and room my computer is in. The other
> address that I didn't recognize? It resolves to dhcp.mtc.byu.edu. So.
> 'iftop' shows the amount of traffic that is being sent and received. It
> shows that I'm sending traffic to those addresses - but that not a
> single bit (no pun intended) is being received back.
> 
> So I try grdesktop - it times out, but iftop shows that I'm
> communicating with my work machine... just that it's a one way
> communication.  
> 
> Did this enlighten anyone? It felt good to know that at least I was
> resolving the ip's correctly. This also verified that tun0 is working
> as expected - if only in one direction.  

Is this with or without "Target networks" set in the config file?

> 
> Anyone have any pointers as to what I should do now?

Good stuff.  It could be that the --udp option is necessary then, since it
will send tunnel traffic in a one-way fashion and not wait for a response.
Some TCP blocking could be going on.  Do other members of your work (who use
the VPN) have it set to transport Ipsec/UDP or Ipsec/TCP (it should be the
far right hand column of their vpn client.)?

Do you have any iptables rules on the local machine after your connection is
made?  "# iptables -L"

Wymount shouldn't be the problem.  I VPN to OIT's vpn concentrator all the
time (and remote desktop).  If there is a problem with Wymount, it would be
the network admin for the MTC that needs to do some fiddling.  Double check
by getting the vpn client on your wife's computer though.  You never know
what rules are buried deep inside the network.  Like I've said before, the
MTC is one of the special cases when it comes to network traffic and is
secured tighter than most campus buildings.  Campus housing and wireless
public are analogous to leper colonies when it comes to network traffic.

Brian
> 
> -Rich
> 
> --------------------
> BYU Unix Users Group
> http://uug.byu.edu/
> 
> The opinions expressed in this message are the responsibility of
> their author.  They are not endorsed by BYU, the BYU CS Department or
> BYU-UUG.
> ___________________________________________________________________  
> List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list

