[vpn-help] No traffic thru my tap0 device

[Matthew Grooms]

On 11/21/2010 5:05 PM, Dick Kniep wrote:
> Hi List,
>
> I am trying to setup a VPN using Shrewsoft. The tunnel seems to come up
> properly ( no errors), but no traffic passes thru the tunnel. When I use
> tcpdump, it seems that the traffic is still going thru eth0 and not thru
> tap0. I have edited sysctl for the rp_filter values, and I do get some
> errors here, but I don't think it has anything to do with my problem.
>
> sudo sysctl -a | grep rp_filter | grep -v arp
> [sudo] password for dick:
> error: "Invalid argument" reading key "fs.binfmt_misc.register"
> error: "Invalid argument" reading key "dev.parport.parport0.autoprobe"
> error: "Invalid argument" reading key "dev.parport.parport0.autoprobe0"
> error: "Invalid argument" reading key "dev.parport.parport0.autoprobe1"
> error: "Invalid argument" reading key "dev.parport.parport0.autoprobe2"
> error: "Invalid argument" reading key "dev.parport.parport0.autoprobe3"
> error: permission denied on key 'net.ipv4.route.flush'
> error: permission denied on key 'net.ipv6.route.flush'
> net.ipv4.conf.all.rp_filter = 0
> net.ipv4.conf.default.rp_filter = 0
> net.ipv4.conf.lo.rp_filter = 0
> net.ipv4.conf.eth0.rp_filter = 0
> net.ipv4.conf.tap0.rp_filter = 0
>
> Can anybody help here?
>

My guess is that the client doesn't have the correct security policies 
installed to match your traffic. I'm not sure what kind of gateway you 
use, but only a small portion actually pass this information to the 
client automatically. In most cases, you have to add topology entries 
under the policy tab in the site configuration. These must match what is 
configured on the gateway exactly or there will be issues.

-Matthew