> I've been spending the last few days troubleshooting an odd connection
> problem to my OpenVPN 2 server, which I eventually narrowed down to a
> problem with the local firewalls at the various client sites that I have
> tested from. In short without any kind of a firewall the connection goes
> through like a champ, but with the firewall in place the connection would
> fail on occasion. ... NAT ...
One problem we hit with users behind NAT boxes was that their session
timeouts were set rather low. If the link happened to be idle for a while
then the NAT box would drop the existing session. Traffic from the server
end would then be thrown away until the client end did something which
caused a new NAT session and OpenVPN connection to be established. We
didn't notice this happening when we were using shared-secret mode, but
were bitten when we converted to TLS mode. If we'd had pool-persist right
from the start we might still be none the wiser, as at least in that case
the IP addresses would have been reused and most applications would have
carried right on after the break in their connectivity.
We "solved" the problem by pushing a 23-second ping to the clients...
Red herring? Maybe, but maybe worth a look just in case.
--
Dr George D M Ross, School of Informatics, University of Edinburgh
Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: gdmr@xxxxxxxxxxxx Voice: +44 131 650 5147 Fax: +44 131 667 7209
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5
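
Added example, not part of the original message: a small Python check of the failure mode described above, which reads an OpenVPN server config and reports whether the ping interval pushed to clients is shorter than a NAT box's idle timeout. The sample configs, the 30-second NAT timeout and the function names are constructed for illustration.

```python
import shlex

def pushed_ping_interval(config_text):
    """Smallest ping interval (seconds) the server pushes to clients, or None."""
    intervals = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # OpenVPN comment lines
            continue
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == "push" and len(tokens) == 2:
            inner = tokens[1].split()
            if len(inner) == 2 and inner[0] == "ping" and inner[1].isdigit():
                intervals.append(int(inner[1]))
        elif tokens[0] == "keepalive" and len(tokens) == 3 and tokens[1].isdigit():
            # In server mode "keepalive n m" also pushes "ping n" to clients.
            intervals.append(int(tokens[1]))
    return min(intervals) if intervals else None

def check_nat_keepalive(config_text, nat_idle_timeout):
    """Classify a server config against a NAT idle timeout given in seconds."""
    interval = pushed_ping_interval(config_text)
    if interval is None:
        return ("no-client-ping", None)    # idle clients let the NAT session expire
    if interval >= nat_idle_timeout:
        return ("too-slow", interval)      # NAT session expires between pings
    return ("ok", interval)

# Constructed sample server configs (not taken from the thread).
BASE = """\
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
"""
BEFORE = BASE                              # no ping pushed to clients
AFTER = BASE + 'push "ping 23"   # the fix described in the message\n'
SLOW = BASE + "keepalive 60 180\n"         # pings, but slower than the NAT timeout

NAT_IDLE_TIMEOUT = 30                      # assumed value for the client's NAT box

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("slow", SLOW)):
        print(name, check_nat_keepalive(cfg, NAT_IDLE_TIMEOUT))
```
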