Problem with openconnect and NAT for HTTP requests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2012-01-12 at 09:36 +0000, Mark Round wrote:
> 
> I then log into another system and route traffic to the remote VPN 
> through my Ubuntu openconnect system. This appears to work fine for 
> ICMP, SSH, MySQL and so on - but for some reason, I cannot seem to
> NAT 
> HTTP traffic. On the Ubuntu gateway itself, HTTP access works as 
> expected - no problems. 

Can't read tcpdump now; baby shouting. First suspect would be MTU
issues. Make 100% sure all ICMP is working and not blocked. Your NAT
client can ping the HTTP server you're testing with? If not, fix that
first. You may sometimes have to shoot some incompetent IT muppets who
are addicted to security-by-voodoo to fix that.

Try clamping the MSS, Or temporarily set the local Ethernet MTU, on the
NAT client, to the same as on the VPN.

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5818 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120112/d7211aa7/attachment.bin>


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux