Nick Howitt wrote:
Can we start again with the troubleshooting as things may have changed over 2 years. Please can you give the conn definitions from either end from /etc/ipsec.d.*.conf and the connection log from both ends.

Site A


Site B

Nick Howitt wrote:
With the firewall up and down at B, can you give a traceroute from A to B.
[quote]

Firewall Up


Firewall Down


So the firewall is successfully stopping the traceroute it looks to me.

[quote]Nick Howitt wrote:
Thinking about this some more, is this a DNS issue? Are you trying to access machines by FQDN when you get the issue? Can you try pinging the remote host by IP and FQDN? Is pinging by FQDN pinging your remote external IP?

If this is the case, in Site A you need a DNS entry for the machines in Site B to go directly to the LAN IP. I am not sure how this work with port forwards where you only forward certain IP's to LAN machines and it can be different IP's. I have a feeling it will fail. Try setting the DNS entry for machines you for which have port forwarding rules to point to the remote ClearOS LAN IP.

Does not seem to be DNS related. If I remove DNS from the equation completely (both on the public side and internally) I still get the same results.