Topic: monowall as edge router various problems [FULLY SOLVED (by my own dumb self)]  (Read 1548 times)
« on: October 25, 2007, 05:12:42 »
mammoth

We switched to a new ISP who informed us on the day of service connection that we would have to supply our own router for our public IPs.  Aside from the fact that I think this is outrageous, I am having some trouble using monowall as that router.

We have a WAN and LAN interface on the monowall configured as the ISP suggested.  Advanced Outbound NAT is enabled, and we have a pass all rule on the WAN and LAN (not sure if those rules were necessary, but we tried it to solve these problems).  For the most part, behavior of this network is as expected -- we can reach our publicly available hosts -- HTTP, SMTP, etc.  Some of these hosts are behind other monowalls and one is behind a pfsense box, one is a Linux server on its own, and another host is a Cisco router.

At issue are two things.  The first is that IPSEC VPN does not seem to work; the tunnels connect, pings to remote hosts are returned, but services don't seem to respond or are extremely jittery and intermittent.  So, for example, connecting to an Exchange server over the tunnel will connect at first, and then drop.  Or it will connect and never sync.  I can't pull up a web page from a Linux server over the VPN at all.  Please understand that all of these things were flawless prior to the ISP changes.  We have allowed fragmented packets on our allow rules and this did not seem to help.  Thoughts or ideas?

Secondly, the pfsense box now runs at 1.2Mbps up and down on this synchronous 10Mbit connection.  Granted it was on a 1.2Mb connection with the old ISP, so maybe it has always had this problem and we didn't realize it.  Anyone have thoughts there?

Many thanks for the assistance as this is (or was) a production network.

[SOLUTION: reboot your PC, moron.  And then rebuild your pfsense vpn tunnels.  VPN tunnels are now working]  :)

Would still be curious to know why the PFsense box (not the one with the VPN tunnels) will only run at 1.2Mbps? [SOLUTION: removed traffic shaping rules used for old ISP and all is well.  Nothing like a long night's work to make you overlook the obvious]  :)

Thanks, friends, for reviewing my post.  I'll try to post some real problems next time!
« Last Edit: October 25, 2007, 15:35:11 by mammoth »
 