isakmpd + vnc troubles

[Rubin <rubin_(_at_)_xs4all_(_dot_)_nl>]

Hi people,

I'm in the process of setting up a VPN using several OpenBSD 3.1 
machines across the country (the netherlands ;-). They all have 24 hour 
connections to the internet (with fixed ip numbers) using mostly ADSL 
connections and lately one dedicated ISDN line (it's connected 24 hours 
a day - in the area where this box stands there is nothing else). Up 
until now, I've had no difficulties connecting the boxes together and 
I'm very happy with the way everything works. BUT!

The ISDN line is the one giving me weird problems that I don't encounter 
with the other boxes:

I am fully able to connect, do any kind of ip traffic (ping, ssh, http, 
access windows shares, etc) both ways, but vnc works only one way 
(http://www.uk.research.att.com/vnc , btw): A little drawing to clarify:


host A                       host B
 ___                          ___
|   |________________________|   |
|___|                        |___|


Between these machines is a isakmpd (esp) link; both machines are 
connected to the internet. Host A uses an ADSL connection and "host B" 
uses an ISDN connection. When I try to run the vnc connection from a box 
behind "host B" to a box behind "host A", everything goes ok but when I 
try to run a vnc connection from behind "host A" to a box behind "host 
B", I get no screen output, but the mouse and keyboard ARE routed (ie. 
on the box you vnc to, you  see the mouse moving/clicking, but the vnc 
client screen stays blank). After a while (approx 2 minutes) the 
connection just stops. Ofcourse the vnc client logs nothing and thinks 
everything is ok..

Remote procedure call connections from windows machine to windows 
machine don't seem to work either: I tested this by accessing a share 
from a machine behind "host B" to a machine behind "host A" and double 
clicking on a shared printer. after a very long period (approx 7 
minutes) it asks me if I want to install the selected printer on the 
machine that I use to access the share; when I click "Yes" it says: 
"remote procedure call failed". Eventviewer stays quiet.

Just as a side note: I'm fully able to make vnc connections to all other 
machines behind any of the other openbsd boxes: It's just this one with 
the ISDN link.

I tried running tcpdump to look for general weirdness, but everything 
seems normal. the only thing I do note is that ppp (userland) uses a 
tun0 device to do its tricks; might this be a problem?

Anyway, I'm pretty much at loss here and I really don't know where to 
look; all logs are quiet and nothing indicates anything's wrong.

Kind regards,


Rubin.