I am cross-posting this to openbsd-pf because I am at a complete loss and don't know where the problem lies.
I have a OpenBSD ipsec vpn setup between several node sites and one central site. For the most part it seems they are setup fine (isakmpd, pf etc). I can ping, I can do all sorts of nice things over the network. The problem appears when I try to use samba over the vpn. Sometimes, I can login to a server (using smbclient) and there is no problem. Other times, I get this:
# smbclient //linux1/public
added interface ip=192.168.2.1 bcast=192.168.2.255 nmask=255.255.255.0
Got a positive name query response from 192.168.1.6 ( 192.168.1.6 )
Domain=[ABC] OS=[Unix] Server=[Samba 2.2.8a]
smb: \> ls
SUCCESS - 0 listing \*
Error in dskattr: SUCCESS - 0
smb: \> Memory fault (core dumped)
I know it looks like I am connecting from the firewall itself, which should be a no-no, but the result is the same from a host behind it. What makes this so strange, is that there is no apparent cause of failure or success. I was almost sure that it was a pf issue that was dropping some UDP packets, but I have watched the pflog and that doesn't seem to be the case, especially because it works sometimes.
Does anyone have any insight into this?