ipsec passthrough freezes
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: ipsec passthrough freezes
- From: Mike Wolman <mike_(_at_)_nux_(_dot_)_co_(_dot_)_uk>
- Date: Tue, 7 Dec 2004 19:39:56 +0000 (GMT)
I have an OpenBSD 3.5 release box I am having problems with; it has an em
parent interface with about 30 vlans on it.
Things had been running fine for about 6 months and then the machine
simply froze with no sign of why. I did all the normal checks and
replaced memory; I even replaced the whole machine with a well tested one
(3 different network card manufacturers tried - em, fxp, xl).
Eventually I tracked this problem down to 2 clients on the same vlan
using sonicwall global vpn client (version 220.127.116.11) to connect to the
same external vpn server; as soon as the second client makes the
connection the box simply dies. From the spec of the vpn software it
supports ipsec pass-through and nat-t - even if it doesn't work it shouldn't
be able to bring the firewall down.
Over the past few months I have tested this with OpenBSD 3.5, 3.6 and in
desperation tried FreeBSD 5.2 and 5.3. All just freeze up as soon as the
second client starts their vpn client software.
All the machine is doing is natting the internal network and no cleverness
in pf with multiple connections or altq or any vpns from the firewall
(isakmpd is not running on the box).
Has anybody else experienced this with natting vpn clients?
As a fix I have simply moved this client to a dumb hub and adsl modem,
however this is not ideal as we have no control over the traffic.