ipsec passthrough freezes


I have an OpenBSD 3.5 release box I am having problems with; it has an em parent interface with about 30 vlans on it.

Things had been running fine for about 6 months and then the machine simply froze with no sign of why. I did all the normal checks and replaced memory; I even replaced the whole machine with a well tested one (3 different network card manufacturers tried - em, fxp, xl).

Eventually I tracked this problem down to 2 clients on the same vlan using sonicwall global vpn client (version to connect to the same external vpn server, as soon as the second client makes the connection the box simply dies. From the spec of the vpn software it supports ipsec pass-through and nat-t - even if it doesn't work it shouldn't be able to bring the firewall down.

Over the past few months I have tested this with OpenBSD 3.5, 3.6 and in desperation tried FreeBSD 5.2 and 5.3. All just freeze up as soon as the second client starts their vpn client software.

All the machine is doing is natting the internal network and no cleverness in pf with multiple connections or altq or any vpns from the firewall (isakmpd is not running on the box).

Has anybody else experienced this with natting vpn clients?

As a fix I have simply moved this client to a dumb hub and adsl modem, however this is not ideal as we have no control over the traffic.


