[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
VPN connections appear to be flakey
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: VPN connections appear to be flakey
- From: "Russell P. Sutherland" <russ_(_at_)_quist_(_dot_)_ca>
- Date: Wed, 8 Aug 2001 10:29:31 -0400
- Organization: Quist Consulting
I've set up a two VPNs using central IPSec gaetway with
two satellites. Here's the diagram:
-------- remote network (A) -------- central network (B)
| |
VPN gateway VPN gateway
| |
MNSi PPOE connection ---- Internet ----- AT&T DSL connection
|
|
Rogers DHCP connection
|
VPN gateway
|
-------------- remote network (C)
The central VPN machine at B listens for phase I connections from anyone
as both A and C are not necessarily static IP addresses. It sets
up phase II connections with networks A and C.
Normally things work well. Once per day however, IP connectivity is lost
from the perspective of a host on A trying to connect to a service on
network B. When in this disconnected state, if I log into the VPN
gateway machine at B, I can stop the isakmpd daemon, flush all the encap
routes and restart isakmpd. Bingo. Connectivity is regained. I've
"heard" that connectivit can be lost when the phase II connections
re-key. Is this true? Can anyone think of anything else that might
be worth investigating to remedy the problem?
--
Quist Consulting Email: russ_(_at_)_quist_(_dot_)_ca
219 Donlea Drive Voice: +1.416.696.7600
Toronto ON M4G 2N1 Cell: +1.416.803.0080
CANADA WWW: http://www.quist.ca
Visit your host, monkey.org