On Wed, 2004-12-01 at 22:29, Helge Weissig wrote: > my bad... when I obfuscated my script, I should have used "$EXT_IP" or > something like it. That IP and the VPN server's are very similar. ok... > JO> > JO> try and connect with your VPN client to your VPN server with that > JO> script. if you can't connect--it's more likely an IPSec configuration > JO> detail that your missing. > > no such luck :(. I should note that the VPN connections works fine when I > hook the client up directly to my DSL line. btw - it looks like your > script does not forward anything from one of my interfaces to the other. yeah--precisely. you seem obsessed with the desire to "port forward" esp traffic to your VPN client, which is absolutely not necessary. look into configuring NAT-T with your VPN client, sometimes called "UDP Encapsulation" as your VPN server appears unwilling to accept esp packets that have traversed an intermediate NAT device. -j -- "Mmmm...free goo." --The Simpsons
