On Thu, 2012-01-12 at 09:36 +0000, Mark Round wrote:
>
> I then log into another system and route traffic to the remote VPN
> through my Ubuntu openconnect system. This appears to work fine for
> ICMP, SSH, MySQL and so on - but for some reason, I cannot seem to NAT
> HTTP traffic. On the Ubuntu gateway itself, HTTP access works as
> expected - no problems.

Can't read tcpdump now; baby shouting. First suspect would be MTU issues.

Make 100% sure all ICMP is working and not blocked. Your NAT client can ping the HTTP server you're testing with? If not, fix that first. You may sometimes have to shoot some incompetent IT muppets who are addicted to security-by-voodoo to fix that.

Try clamping the MSS, or temporarily set the local Ethernet MTU, on the NAT client, to the same as on the VPN.

--
dwmw2
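
The MSS clamp and MTU change suggested in the reply above, as an added example that is not part of the original post. It is a dry-run helper that only prints the commands; the interface name `eth0`, the server address `192.0.2.10` and the tunnel MTU `1406` are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints the commands, does not run them (they need root).
# Assumptions: eth0 = NAT client's Ethernet interface, 1406 = constructed
# sample tunnel MTU (read the real one from `ip link show` on the gateway).

# Largest TCP payload that fits in one IPv4 packet of the given MTU
# (20-byte IP header + 20-byte TCP header, no options).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# ICMP echo payload that yields a packet of exactly MTU bytes
# (20-byte IP header + 8-byte ICMP header).
ping_payload_for_mtu() {
    echo $(( $1 - 28 ))
}

# Gateway: rewrite the MSS option in forwarded SYN and SYN-ACK packets
# so that neither end sends segments larger than the tunnel can carry.
clamp_rule() {   # $1 = tunnel MTU
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $(mss_for_mtu "$1")"
}

# NAT client alternative: temporarily match the local MTU to the VPN's.
client_mtu_cmd() {   # $1 = client interface, $2 = tunnel MTU
    echo "ip link set dev $1 mtu $2"
}

# NAT client check: a tunnel-MTU-sized packet with "don't fragment" set
# should be answered; one byte more should return "frag needed", and
# silence instead means the ICMP error is being dropped somewhere.
probe_cmd() {   # $1 = server, $2 = tunnel MTU
    echo "ping -c 3 -M do -s $(ping_payload_for_mtu "$2") $1"
}

print_plan() {   # $1 = client interface, $2 = tunnel MTU, $3 = server
    echo "# on the NAT client, test:";  probe_cmd "$3" "$2"
    echo "# on the gateway:";           clamp_rule "$2"
    echo "# or, on the NAT client:";    client_mtu_cmd "$1" "$2"
}

# Usage: sh mtu-plan.sh eth0 1406 192.0.2.10
if [ "$#" -eq 3 ]; then print_plan "$@"; fi
```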