On Oct 10, 2004, at 11:10 AM, Lynn Avants wrote:
An 'ipsec barf' will give you virtually every detail concerning the VPN authentication and connection process.
Probably the first test I'll run when I'm at the Boise console.
Assuming you are running both ends for subnet sharing, you will not be able to ping the internal gateway address through the tunnel... This test should be performed by pinging an internal client on one subnet from an internal client on the other subnet.
That is typically how I do the ping tests. I hit the outside address of the LEAF router from inside the Seattle private network to compare with the DSL router (which never drops packets) and the inside Boise network, which in the beginning was dropping a lot of traffic when the outside address was dropping few or none. Now, the situation has degenerated to the point that the
Do not use either of the gateways to test this connectivity. The only way the router can participate through the tunnel is if the connection allows it to be a host instead of a gateway. Many of us use the gw-to-gw tunnel for typical filesharing and also run a host-to-host tunnel to allow for connectivity ping checking on an interval.
Setup an stunnel connection, say, between the Linux fileservers, through the LEAF ipsec tunnel?
This allows you to run a script that reloads both tunnels if the host-to-host tunnel goes down for x seconds and expedites manual intervention by the maintainer, and makes testing far easier.
I might ask for more details about how you set up and use those scripts. I admit that I am woefully short of tools (hardware, software, and brainware) for dealing with this sort of problem. That's what comes of not having enough network crises to learn from.
It may be that the routers are continually attempting to connect to the Portland office that doesn't exist anymore if this office is still in the configuration file(s).
I thought I had been careful about that, but I'm not taking anything for granted.
Possibly any nice XP boxes are attempting to connect to shares at Portland that no longer exist and flooding the router with garbage traffic as well.
No XP at this firm: MacOS9, MacOSX, Win98, WinNT, and the Linux servers. But your point is valid, nonetheless. It is not just XP that can spew garbage. But the problem persists even with every Boise host turned off. That is what is so confusing about this whole thing. I can only conclude at this point that I've made some gross error of assumption because I missed something in the remote troubleshooting I've done so far. The results just don't make sense.
Thank you for your help, Lynn.
Dale Mirenda
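The interval-ping watchdog Lynn describes (probe across the host-to-host tunnel, reload both tunnels once it has been down for x seconds), as an added example for this thread rather than either poster's script. It assumes a FreeS/WAN-style `ipsec auto` on the LEAF router; the connection names `boise-host` and `boise-net`, the peer address 192.168.2.10, the `logger` call and the `ping -W` reply-timeout option are assumptions for illustration.

```shell
#!/bin/sh
# tunnel-watch.sh: ping a host on the far side of a host-to-host IPsec
# connection every INTERVAL seconds; once the probe has failed for DOWN_SECS,
# tear down and re-establish both the host-to-host and the subnet tunnel.
# Added example, not from the thread. Assumes FreeS/WAN "ipsec auto" on a LEAF
# router; names, address and ping options below are assumptions.

PEER_HOST=${PEER_HOST:-192.168.2.10}  # assumed: far-end host reached via the host-to-host tunnel
HOST_CONN=${HOST_CONN:-boise-host}    # assumed: host-to-host conn name in ipsec.conf
NET_CONN=${NET_CONN:-boise-net}       # assumed: subnet-to-subnet conn name in ipsec.conf
INTERVAL=${INTERVAL:-10}              # seconds between probes
DOWN_SECS=${DOWN_SECS:-60}            # outage length that triggers a reload

# One ICMP echo with a short reply timeout; exit status 0 means a reply arrived.
# (-W is the reply timeout on iputils/busybox ping; older pings may need -w.)
probe() {
    ping -c 1 -W 2 "$PEER_HOST" >/dev/null 2>&1
}

# Pure threshold decision so the logic can be exercised without a network:
# given consecutive failed probes, the probe interval and the outage limit,
# print "reload" once failed*interval has reached the limit, otherwise "wait".
decide() {
    failed=$1; interval=$2; limit=$3
    if [ $((failed * interval)) -ge "$limit" ]; then
        echo reload
    else
        echo wait
    fi
}

# Take both connections down and bring them back, host-to-host first so the
# probe path is restored before the subnet tunnel renegotiates.
reload_tunnels() {
    ipsec auto --down "$NET_CONN"
    ipsec auto --down "$HOST_CONN"
    ipsec auto --up "$HOST_CONN"
    ipsec auto --up "$NET_CONN"
}

# Main loop: count consecutive failures, reset on any successful reply.
watch_loop() {
    failed=0
    while :; do
        if probe; then
            failed=0
        else
            failed=$((failed + 1))
            if [ "$(decide "$failed" "$INTERVAL" "$DOWN_SECS")" = reload ]; then
                logger -t tunnel-watch "no reply from $PEER_HOST for ${DOWN_SECS}s, reloading $HOST_CONN and $NET_CONN"
                reload_tunnels
                failed=0
            fi
        fi
        sleep "$INTERVAL"
    done
}

# Only start the loop when invoked as "tunnel-watch.sh run", so the functions
# can be sourced (for testing or reuse) without blocking.
case "${1:-}" in
    run) watch_loop ;;
esac
```

Start it as `tunnel-watch.sh run` from inittab or an rc script on one end only; running a reloader on both gateways at once can have each side tearing down a tunnel the other is in the middle of bringing up. The probe target must be a host, not the far gateway's inside address, for exactly the reason Lynn gives above.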
leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
