Re: [Openvpn-users] OpenVPN behind ISA on one end, Monowall on the other


  • Subject: Re: [Openvpn-users] OpenVPN behind ISA on one end, Monowall on the other
  • From: "Paul Wright" <nerdmedic@xxxxxxxxx>
  • Date: Wed, 2 Jan 2008 20:41:36 -0700

> First fix the system clocks.
>
> Bad time can cause TLS problems.

I appreciate the suggestion - the logs were a little misleading
because the snippets were not exactly synchronized but I checked the
time and it was accurate within a second or so.

A little further information from a packet capture on the client
workstation: this is what is happening in order:

1. the client sends a packet to the server at xxx.xxx.74.71:4444
(this is correct)
2. ISA Server receives the packet and NATs it to 192.168.0.34:4444
2. server responds but packet exits the ISA Server on xxx.xxx.64.46
with a destination of the client public IP on port 7238*
3. the client firewall (monowall) receives the packet and NATs it to
192.168.236.24:7238*
4. client receives the packet and responds with ICMP (port
unreachable) to the server address
of xxx.xxx.64.46

*this port number increments periodically in the range 7000-8000.
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
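
The packet sequence in the message above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it pairs outbound UDP datagrams with inbound ones and reports replies that no outbound datagram explains. The capture records are constructed; the documentation-range addresses stand in for the masked xxx.xxx addresses, the client source port 1194 and reply source port 4444 are assumptions, and `find_unmatched_replies` is a hypothetical name.

```python
from collections import namedtuple

# One packet as seen in a capture taken on the client workstation.
Pkt = namedtuple("Pkt", "proto src sport dst dport")

CLIENT = "192.168.236.24"      # client LAN address from the post
SENT_TO = "198.51.100.71"      # stand-in for the masked xxx.xxx.74.71
REPLY_FROM = "203.0.113.46"    # stand-in for the masked xxx.xxx.64.46

# Constructed capture mirroring the steps in the post. Source port 1194 and
# reply source port 4444 are assumptions; 4444 and 7238 come from the post.
CAPTURE = [
    Pkt("udp", CLIENT, 1194, SENT_TO, 4444),
    Pkt("udp", REPLY_FROM, 4444, CLIENT, 7238),
    Pkt("icmp-port-unreachable", CLIENT, None, REPLY_FROM, None),
    Pkt("udp", CLIENT, 1194, SENT_TO, 4444),
    Pkt("udp", REPLY_FROM, 4444, CLIENT, 7239),
]

def find_unmatched_replies(capture, local_ip):
    """Return one finding per inbound UDP datagram no outbound datagram explains."""
    sent = set()       # (local_port, remote_ip, remote_port) for everything sent
    findings = []
    for pkt in capture:
        if pkt.proto == "udp" and pkt.src == local_ip:
            sent.add((pkt.sport, pkt.dst, pkt.dport))
        elif pkt.proto == "udp" and pkt.dst == local_ip:
            if (pkt.dport, pkt.src, pkt.sport) in sent:
                continue                      # symmetric reply, nothing to report
            reasons = []
            if not any(ip == pkt.src for _, ip, _ in sent):
                reasons.append("source address never contacted")
            if not any(lp == pkt.dport for lp, _, _ in sent):
                reasons.append("local port never used")
            if not reasons:
                reasons.append("address/port combination never used")
            findings.append({"src": pkt.src, "dport": pkt.dport,
                             "reasons": reasons, "rejected": False})
        elif pkt.proto == "icmp-port-unreachable" and pkt.src == local_ip:
            for f in findings:                # mark earlier datagrams from that peer
                if f["src"] == pkt.dst:
                    f["rejected"] = True
    return findings

if __name__ == "__main__":
    for finding in find_unmatched_replies(CAPTURE, CLIENT):
        print(finding)
```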