Todd Pearsall wrote:
I'll try the tcpdump, thanks for the recommendations.
I was on the phone with Netopia (the current router I put in bridging
mode is a Cayman/Netopia) to see if there were any VPN add-ons I could
buy for the Cayman so it could support the roadwarrior and gateway VPNs
I need. Unfortunately there isn't anything for that model, but for $180
I can trade up to a Netopia 4541 which does have the VPN capabilities.
I think it's very similar software to the R7200 which I have successfully
joined with LEAF.

Anyway, since this location is remote and I keep killing the connection
trying to troubleshoot requiring someone local to undo the last change
and reboot, and because I've come to hate BellSouth's PPPoE
implementation, $180 for an ADSL modem/router/vpn gateway is a no-brainer
if it will solve this problem.

I understand your logic, but what are you doing that kills the connection? You should be able to play with IPSec tunnels all day long w/o messing up the main external uplink...

Anyone have any odds on whether moving to the all-in-one device will
help?  I'm not thrilled about losing the ability to add a DMZ in the
future and all the other flexibility LEAF provides, but the remote
troubleshooting has been brutal and I'm getting into a crunch.

I'd sniff your traffic first. If your problem is caused by large packets getting sent with the "don't fragment" option set, *NOTHING* is going to help you get that traffic across your VPN, unless you change something fundamental (i.e. change the traffic itself by fixing the machine(s) generating the large packets, or switch to a type of tunneling that can hide the fragmentation).

If you don't know *WHY* this one site is causing you fits, you won't know if a hardware box will fix it.

Also, as mentioned before, once you sniff the traffic and actually *SEE* what's going on (rather than speculating), I'm pretty sure a solution will present itself.

If you have access to the box via ssh, it should be pretty easy to get tcpdump running, and to capture and post results back to the list. Just copy tcpdump.lrp and libpcap.lrp to the firewall with scp, install them with lrpkg (cd to the directory you copied them to, and run "lrpkg -i tcpdump" and "lrpkg -i libpcap"). Then run tcpdump and have someone at the far end try one of the "broken" protocols (which you still haven't identified, IIRC).

Probably take you less time than it took me to write this e-mail...

--
Charles Steinkuehler
[EMAIL PROTECTED]
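The advice above boils down to: capture first, then look for large packets with the DF bit set and for the ICMP "need to frag" replies that should make the sender back off. As an added example, not part of this thread or of LEAF, here is a small Python script that reads the text output of `tcpdump -n -v` (the `-v` flag is what prints the IP flags and total length) and reports which packets could not have crossed the tunnel. The tunnel path MTU of 1420 bytes is an assumed figure (PPPoE's 1492 minus ESP overhead is in that range), and the capture lines are constructed in the format of a current tcpdump rather than the 2002-era output a LEAF box would print.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -v` output; not a capture from this thread.
# Line 1 and 3: a 1500-byte DF-set TCP segment sent twice without shrinking.
# Line 2: a router answering with ICMP "need to frag" and the MTU it can carry.
# Line 4: a small DF-set SYN, fine.  Line 5: a large UDP datagram without DF,
# which the tunnel endpoint may fragment and which therefore also gets through.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP (tos 0x0, ttl 64, id 1001, offset 0, flags [DF], proto TCP (6), length 1500) 10.0.0.5.3456 > 192.168.1.10.445: Flags [.], seq 1:1449, ack 1, win 17520, length 1448
12:00:01.000200 IP (tos 0x0, ttl 254, id 0, offset 0, flags [none], proto ICMP (1), length 56) 203.0.113.1 > 10.0.0.5: ICMP 192.168.1.10 unreachable - need to frag (mtu 1420), length 36
12:00:02.000010 IP (tos 0x0, ttl 64, id 1002, offset 0, flags [DF], proto TCP (6), length 1500) 10.0.0.5.3456 > 192.168.1.10.445: Flags [.], seq 1:1449, ack 1, win 17520, length 1448
12:00:03.000010 IP (tos 0x0, ttl 64, id 1003, offset 0, flags [DF], proto TCP (6), length 52) 10.0.0.5.3457 > 192.168.1.10.80: Flags [S], seq 100, win 64240, options [mss 1460], length 0
12:00:04.000010 IP (tos 0x0, ttl 64, id 1004, offset 0, flags [none], proto UDP (17), length 1500) 10.0.0.7.514 > 192.168.1.10.514: UDP, length 1472
"""

# Assumed tunnel path MTU: PPPoE (1492) minus ESP/IPsec overhead lands near here.
ASSUMED_TUNNEL_MTU = 1420

# Matches the IP header summary that `tcpdump -v` prints before the payload.
HEADER_RE = re.compile(
    r"^(?P<ts>\S+) IP \(.*?flags \[(?P<flags>[^\]]*)\].*?length (?P<length>\d+)\) "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)
# Matches an ICMP type 3 / code 4 ("fragmentation needed") report and its MTU.
FRAG_NEEDED_RE = re.compile(r"unreachable - need to frag \(mtu (?P<mtu>\d+)\)")


def parse_line(line):
    """Return a dict with src, dst, total length and DF flag, or None if not an IP line."""
    m = HEADER_RE.match(line)
    if m is None:
        return None
    pkt = m.groupdict()
    pkt["length"] = int(pkt["length"])
    pkt["df"] = "DF" in pkt["flags"].split(", ")
    return pkt


def analyze(capture, tunnel_mtu=ASSUMED_TUNNEL_MTU):
    """Classify packets that cannot cross a tunnel whose path MTU is tunnel_mtu.

    Returns:
      stuck          - DF-set packets larger than the tunnel can carry
      advised        - (reporter, mtu) for each ICMP 'need to frag' seen
      repeat_senders - stuck flows seen more than once: the sender is not
                       honouring (or not receiving) the ICMP advice
    """
    stuck = []
    advised = []
    for line in capture.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        frag = FRAG_NEEDED_RE.search(pkt["rest"])
        if frag:
            advised.append((pkt["src"], int(frag.group("mtu"))))
        elif pkt["df"] and pkt["length"] > tunnel_mtu:
            stuck.append((pkt["src"], pkt["dst"], pkt["length"]))
    repeats = Counter(stuck)
    return {
        "stuck": stuck,
        "advised": advised,
        "repeat_senders": {flow: n for flow, n in repeats.items() if n > 1},
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_CAPTURE)
    for src, dst, length in result["stuck"]:
        print(f"DF-set {length}-byte packet {src} > {dst} exceeds tunnel MTU")
    for reporter, mtu in result["advised"]:
        print(f"{reporter} advised MTU {mtu}")
    for (src, dst, length), n in result["repeat_senders"].items():
        print(f"{src} resent {length}-byte DF packets {n} times: PMTU discovery is failing")
```

Run it against a real capture with `tcpdump -n -v -i eth0 | python3 this_script.py`-style piping replaced by reading stdin, or just paste the lines into `SAMPLE_CAPTURE`. The useful signal is the combination: a host repeating the same oversized DF packet while a "need to frag" reply is visible means the ICMP is not reaching that host (often because the firewall drops it), and no reply at all points at the path silently black-holing it; both are fixed by letting the ICMP through or by clamping the TCP MSS at the gateway, not by swapping the box.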

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html