Hi,

We would like to share this with you. We have OpenVPN server 2.0.5 on CentOS 4.2 (before, it was on Red Hat Enterprise AS 4) and the clients are Windows XP. Our clients were suffering strange VPN lockups every few minutes on a random basis, which resulted in all services provided through the VPN not responding. We were using an external LDAP server to authenticate clients against it.

After deep investigation we found that the LDAP was the source of the problem. It was not responding too fast and sometimes was suffering lockups due to some corruption in its database. The problem is that the VPN client was re-authenticating every few minutes, randomly. During this time, if the LDAP was locked up, clients were not able to send any traffic through the tunnel. We worked around this by returning an "always successful" result to the authentication and re-authentication requests.

We know that using "auth-retry none" at the client side may solve the problem, but we would like to know what happens at the client's side. Does OpenVPN ignore any traffic sent over the tunnel during this time while waiting for the result of the re-authentication? We think it is so because people complain that the services are not available, and by sniffing we found that no traffic was arriving during this period.

This workaround succeeded with clients who are not using Avaya's soft phone, while those who are using the soft phone are stuck at another problem. The client is still sending the re-authentication requests approximately every two minutes and 5 seconds (125 seconds), according to our logs. During normal VPN operation, i.e. before the re-authentication request is sent, the call is in peer-to-peer mode, and once the client sends a re-authentication request, the soft phone drops the peer-to-peer connection and switches to Avaya's MedPro server, and it does not go back to the other peer.

Thanks for your time; your help is highly appreciated.

Regards
--
Sameh Attia
Information Security Manager
Red Hat Certified Engineer
TE Data
--
dc -e '603178305900664311156641389051003470569569613466992253686426210705237258P'
"Windows XP is the malicious hacker's dream come true."