[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Problems of ICA deconnected into a OpenVPN tunnels..


  • Subject: Re: [Openvpn-users] Problems of ICA deconnected into a OpenVPN tunnels..
  • From: "Sunil S" <sunils@xxxxxxxxxx>
  • Date: Wed, 04 Jul 2007 19:21:03 +0530

I had clients using Citrix over OpenVPN and has not seen any issue between the two.  Besides, Citrix ICA tolerates network disruptions quite well.  (I have ran over 25 ICA sessions over a single OpenVPN connection over a 2mbps ADSL link)

You have not mentioned if you have tested any other application other than ICA in your set up or whether you have more than one client.  Does ping contunue while your ICA fails - I mean, is OpenVPN connection holding on and ICA only fails?

Once, while using a udp proxy (I think it was udpelay) to forward packets to OpenVPN server sitting in the private network, I have seen OpenVPN dropping connection when a second client comes in.  udprelay was forwarding packets from second client inward from the same UDP port as that for first client.  Then, OpenVPN discrded the first connection probably because it sees differently encrypted packet coming in from IP/port where it was expecting the first client.  Later I tried "delegated" (http://www.delegate.org), as delegate runs a separate process for every connection, it uses a different port for each client.

So if you have a NAT box before your server, it  may be the reason for dropping connections.  In case this info  helps....

>>> Noc Phibee <noc@xxxxxxxxxx> 07/03/07 10:05 PM >>>
Hi

i have a big problems with my VPN Link.
I use two linux box with openvpn.

I lose the ICA connection without reason

When i sent normal ping, that's work ...

but into the log, i have a big quantity of:

window for more info or silence this warning with --mute-replay-warnings
Tue Jul  3 18:12:46 2007 Authenticate/Decrypt packet error: bad packet 
ID (may be a replay): [ #3125901 / time = (1183057699) Thu Jun 28 
21:08:19 2007 ] -- see the man page entry for --no-replay and 
--replay-window for more info or silence this warning with 
--mute-replay-warnings
Tue Jul  3 18:16:58 2007 Authenticate/Decrypt packet error: bad packet 
ID (may be a replay): [ #3147170 / time = (1183057699) Thu Jun 28 
21:08:19 2007 ] -- see the man page entry for --no-replay and 
--replay-window for more info or silence this warning with 
--mute-replay-warnings
Tue Jul  3 18:25:43 2007 Authenticate/Decrypt packet error: bad packet 
ID (may be a replay): [ #3173776 / time = (1183057699) Thu Jun 28 
21:08:19 2007 ] -- see the man page entry for --no-replay and 
--replay-window for more info or silence this warning with 
--mute-replay-warnings
Tue Jul  3 18:25:43 2007 Authenticate/Decrypt packet error: bad packet 
ID (may be a replay): [ #3173777 / time = (1183057699) Thu Jun 28 
21:08:19 2007 ] -- see the man page entry for --no-replay and 
--replay-window for more info or silence this warning with 
--mute-replay-warnings
Tue Jul  3 18:27:15 2007 Authenticate/Decrypt packet error: bad packet 
ID (may be a replay): [ #3179361 / time = (1183057699) Thu Jun 28 
21:08:19 2007 ] -- see the man page entry for --no-replay and 
--replay-window for more info or silence this warning with 
--mute-replay-warnings
Tue Jul  3 18:27:16 2007 Authenticate/Decrypt packet error: bad packet 
ID (may be a replay): [ #3179440 / time = (1183057699) Thu Jun 28 
21:08:19 2007 ] -- see the man page entry for --no-replay and 
--replay-window for more info or silence this warning with 
--mute-replay-warnings
Tue Jul  3 18:27:16 2007 Authenticate/Decrypt packet error: bad packet 
ID (may be a replay): [ #3179441 / time = (1183057699) Thu Jun 28 
21:08:19 2007 ] -- see the man page entry for --no-replay and 
--replay-window for more info or silence this warning with 
--mute-replay-warnings
Tue Jul  3 18:30:53 2007 Authenticate/Decrypt packet error: bad packet 
ID (may be a replay): [ #3192802 / time = (1183057699) Thu Jun 28 
21:08:19 2007 ] -- see the man page entry for --no-replay and 
--replay-window for more info or silence this warning with 
--mute-replay-warnings
Tue Jul  3 18:31:41 2007 Authenticate/Decrypt packet error: bad packet 
ID (may be a replay): [ #3196295 / time = (1183057699) Thu Jun 28 
21:08:19 2007 ] -- see the man page entry for --no-replay and 
--replay-window for more info or silence this warning with 
--mute-replay-warnings


It's possible that this drop close the ICA session ?

What is the solution for resolv this ?

thanks bye


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx 
https://lists.sourceforge.net/lists/listinfo/openvpn-users
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users