Subject: Re: [gentoo-server] Interesting Iptables issue.
From: Lindsay Haisley
To: gentoo-server@lists.gentoo.org
Date: Wed, 09 Jan 2008 13:25:16 -0600
Organization: FMP Computer Services

This still sounds very much like an MTU problem, especially with the
unresponded ACKs. You might explore clamping the MTU through the VPN.

You didn't say what VPN client you're using, but if you use a robust VPN
system such as OpenVPN you have control over the MTU of packets sent
through the tunnel. In OpenVPN, the --tun-mtu, --fragment and --mssfix
options are available to help tune packet size through your tunnel. I
highly recommend OpenVPN. It's easy to set up, robust, secure and runs on
both Unix-like systems (Linux, BSD, Mac OS-X) and Windows.

On Wed, 2008-01-09 at 20:00 +0100, Oliver Schad wrote:
> On Wednesday, 9 January 2008 05:50, Nestor Camacho III wrote to me:
> > Now, what the problem is...I vpn (over ssl, to a Juniper device) to my
> > job. What I am seeing is when I finally connect I can ping hosts
> > internal to my work network, but when I try to initiate a connection
> > (ssh, http, rdp, etc) I get nowhere. It just hangs on trying to
> > establish the connections.
> [...]
> > Now the kicker! I boot up on the same computer using Ubuntu live cd and
> > import the same firewall rules and everything works as it should!
>
> Same routing table, same interface configurations (ip, netmask, mtu), same
> packet filter config, same vpn client version, same vpn client config, same
> vpn gateway?
>
> Regards
> Oli

--
Lindsay Haisley       | "In an open world,    | PGP public key
FMP Computer Services |    who needs Windows  |      available at
512-259-1190          |      or Gates"        | http://pubkeys.fmp.com
http://www.fmp.com    |                       |

--
gentoo-server@lists.gentoo.org mailing list
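
One way to test the MTU explanation given in the message above, as an added example that is not part of the original e-mail: a binary search with Don't Fragment pings for the largest packet that crosses the tunnel, converted to a path MTU and TCP MSS. It assumes IPv4 and Linux iputils `ping`; the function names, `tunnel.example` and the `fake_tunnel_probe` stand-in are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Linux iputils ping, IPv4 assumed.

# Default probe: one echo request of SIZE payload bytes with Don't Fragment set.
probe_df() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# largest_df_payload HOST [PROBE_FN] [LOW] [HIGH]
# Binary search for the largest payload PROBE_FN reports as delivered.
# Prints that size; returns 1 if even LOW does not get through.
largest_df_payload() {
    host=$1; probe=${2:-probe_df}; lo=${3:-500}; hi=${4:-1472}
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid            # mid got through: search above it
        else
            hi=$(( mid - 1 ))  # mid was dropped: search below it
        fi
    done
    echo "$lo"
}

# IPv4 path MTU = ICMP payload + 20 (IP header) + 8 (ICMP header).
payload_to_mtu() { echo $(( $1 + 28 )); }

# Largest TCP segment that fits: MTU - 20 (IP header) - 20 (TCP header).
mtu_to_mss() { echo $(( $1 - 40 )); }

# Constructed stand-in for a tunnel with a 1400-byte MTU that silently drops
# anything larger, so the search can be exercised without a network.
fake_tunnel_probe() { [ "$2" -le 1372 ]; }

report() {  # report HOST [PROBE_FN]
    payload=$(largest_df_payload "$1" "${2:-probe_df}") || {
        echo "$1: no DF probe got through"; return 1; }
    mtu=$(payload_to_mtu "$payload")
    echo "$1: payload $payload, path MTU $mtu, TCP MSS $(mtu_to_mss "$mtu")"
}

report tunnel.example fake_tunnel_probe
```

With the VPN up, `report <internal-host>` uses the real ping probe; a path MTU well below 1500 toward hosts where pings work but TCP sessions stall is consistent with the MTU explanation and gives a starting point for the packet-size tuning the message mentions.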