Gordon

Gordon Bos wrote:
> 
> Erich Titl wrote:
>> Gordon
>>
>> Gordon Bos wrote:
>>> Call me stupid, but I am running a cascade of two Leaf routers and I 
>>> would not even start to consider joining them. That said, I have been 
>>> running them on the same host lately (VMware). That is because I've run 
>>> out of old small sized boxes and everything I can get my hands on is 
>>> hugely oversized for the job.
>> Out of curiosity, why would you not run this functionality on a single
>> Box, but be prepared to tolerate the VMWare overhead and network
>> abstraction, but really just out of curiosity.....
> 
> One large reason. Except for doing ISP connect, the outer box also 
> functions as an ipsec/l2tp VPN router. When a remote user connects to 
> one of the l2tp nodes, this dynamically adds a ppp interface. 

Oh, you are doing l2tp on the leaf box, I always delegate this to
winblows. But surely you only accept those requests from the ipsec
interface.

> I have
> found no other way to handle this other than by setting the policy for 
> iptables to ACCEPT. That introduces a security risk for everything I may 
> have forgotten to catch in an earlier stage (the rules, or exceptions to 
> policy).
> 
>>> When my needs were smaller I did have ISP connect and TC on the same 
>>> router, but the current cascaded setup appears to be a lot more stable.
>> Can you elaborate on the stability problem? Do we have one?
> 
> I used to have frequent ISP connection resets, and for some reason I 
> never managed to have it reconnect without human interaction on the box 
> itself. Now I have fewer resets and it also reconnects automatically. 

Have you found a reason for this?

> The
> only issue I have now is that at some times it starts to flood the logs 
> with klips messages and I can only stop that by fully resetting the router.

This would point to an ipsec problem, wouldn't it?

cheers

Erich