On Wed, Jun 01, 2005 at 08:54:52AM +0100, George Ross wrote:
> One problem we hit with users behind NAT boxes was that their session
> timeouts were set rather low. If the link happened to be idle for a while
> then the NAT box would drop the existing session. Traffic from the server
Many cheap consumer NAT implementations are buggy (e.g. Draytek Vigor claims a 24 h
timeout unless the table is full, but in reality a connection decays after 60 s).
> end would then be thrown away until the client end did something which
> caused a new NAT session and OpenVPN connection to be established. We
> didn't notice this happening when we were using shared-secret mode, but
> were bitten when we converted to TLS mode. If we'd had pool-persist right
> from the start we might still be none the wiser, as at least in that case
> the IP addresses would have been reused and most applications would have
> carried right on after the break in their connectivity.
>
> We "solved" the problem by pushing a 23-second ping to the clients...
>
> Red herring? Maybe, but maybe worth a look just in case.
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE