Re: Cisco VPN / Firewall configuration

> This would also apply to configuration of the split tunnel setup.

There are a few bugs related to split tunneling, split DNS and generic
tunneling. They seem related to the kernel version, glibc version and
VPN client version in use but have started rather recently (say within
the last 6 months or so). My hunch is that the interceptor does something
weird. Anyway, with _linux_ clients I got the best result using split
tunneling and pushing DNS servers that are routed outside the VPN tunnel
to the clients. It's mentioned offhand in the release notes under the
section "DNS Server on Private Network with Split DNS Causes Problems"
(CSCee66180).

Another is CSCea75956, which occurs with non-Win32 VPN clients only. I first
thought that was what I was experiencing, but further investigation and
packet dumping at all ends proved me wrong :)

The VPN client works great under Win XP in VMware (as expected) and without
any problems with iptables, too. One needs to permit 500/udp and 4500/udp
(NAT/PAT passthrough) or 10000/tcp (or whatever other TCP port you or your
administrator might have configured in the concentrator). Good ports to use
are 25, 143, 80, 443, 3128, 8080 ... there's almost always one or two of those
open at various locations. O:-)


// kaj


