m0n0wall strange vpn ipsec problem
teo
Guest
Posted: Fri Dec 02, 2005 12:53 am    Post subject: m0n0wall strange vpn ipsec problem

Hi all,
I've set up 2 m0n0walls in 2 different sites to make a VPN IPsec
connection through my LAN.

Everything is OK (ping, ssh, etc.),
but only for a ONE-WAY situation: when I try to connect from site 1 to
site 2, after a few commands my window hangs.
In other words, I can connect to the remote m0n0wall interface (http)
without problem via VPN, but if I try to connect to a server in the
remote LAN (for example via ssh), after a few commands (ls -l), if the
result is a few characters it is OK, otherwise my window hangs!!
If I do the same from site 2 to site 1 all is perfect.

I cannot understand the problem because everything seems to work correctly and I
don't have any log errors.

Please help me!!

Thanks, Matteo, Italy

PS I have other situations running without problems....
VANHULLEBUS Yvan
Guest
Posted: Fri Dec 02, 2005 2:18 am    Post subject: Re: m0n0wall strange vpn ipsec problem

teo <texmatto@tin.it> writes:

Quote:
Hi all,
I've set up 2 m0n0walls in 2 different sites to make a VPN IPsec
connection through my LAN.

Everything is OK (ping, ssh, etc.),
but only for a ONE-WAY situation: when I try to connect from site 1 to
site 2, after a few commands my window hangs.
In other words, I can connect to the remote m0n0wall interface (http)
without problem via VPN, but if I try to connect to a server in the
remote LAN (for example via ssh), after a few commands (ls -l), if the
result is a few characters it is OK, otherwise my window hangs!!
If I do the same from site 2 to site 1 all is perfect.

First thing to check with such strange hangs: MTU problems...

Lower the MTU on your client host to 1400, for example, or play
with the TCP MSS on one of the gates, and try again.


Yvan.
teo
Guest
Posted: Sat Dec 03, 2005 9:22 am    Post subject: Re: m0n0wall strange vpn ipsec problem

VANHULLEBUS Yvan wrote:
Quote:
teo <texmatto@tin.it> writes:


Hi all,
I've set up 2 m0n0walls in 2 different sites to make a VPN IPsec
connection through my LAN.

Everything is OK (ping, ssh, etc.),
but only for a ONE-WAY situation: when I try to connect from site 1 to
site 2, after a few commands my window hangs.
In other words, I can connect to the remote m0n0wall interface (http)
without problem via VPN, but if I try to connect to a server in the
remote LAN (for example via ssh), after a few commands (ls -l), if the
result is a few characters it is OK, otherwise my window hangs!!
If I do the same from site 2 to site 1 all is perfect.


First thing to check with such strange hangs: MTU problems...

Lower the MTU on your client host to 1400, for example, or play
with the TCP MSS on one of the gates, and try again.


Yvan.
Thanks, Yvan, I tried to change the MTU but nothing changed. Do I have to reboot
the firewalls? For me the problem is when the firewall routes packets via VPN
into the remote LAN, because I have no problem managing the remote
firewall web interface, but if I try to manage another host via web it hangs.

Matteo
VANHULLEBUS Yvan
Guest
Posted: Sat Dec 03, 2005 5:21 pm    Post subject: Re: m0n0wall strange vpn ipsec problem

teo <texmatto@tin.it> writes:

[Hangs over IPsec]
Quote:
Thanks, Yvan, I tried to change the MTU but nothing changed. Do I have to
reboot the firewalls? For me the problem is when the firewall routes
packets via VPN into the remote LAN, because I have no problem managing
the remote firewall web interface, but if I try to manage another host
via web it hangs.

Strange, what you describe (hangs over an IPsec tunnel for big data
flows) really looks like a packet size problem....

No, you don't have to reboot the firewalls after changing the MTU, but did
you change the MTU on the firewalls or on your traffic endpoint (the
host from which you establish your sessions)?

Try with a very low MTU value on the TRAFFIC ENDPOINT (not on the
IPsec gates) to ensure this is really not related to that, then try
to dump what's going on the wire (between the IPsec gates) to see if you
can notice something abnormal.


And, when a session hangs, can you still establish other new sessions
through the IPsec tunnel?

And tell us what IPsec gates you're using, perhaps there is just a
known bug somewhere.....


Yvan.
teo
Guest
Posted: Mon Dec 05, 2005 3:25 pm    Post subject: Re: m0n0wall strange vpn ipsec problem

VANHULLEBUS Yvan wrote:
Quote:
teo <texmatto@tin.it> writes:

[Hangs over IPsec]

Thanks, Yvan, I tried to change the MTU but nothing changed. Do I have to
reboot the firewalls? For me the problem is when the firewall routes
packets via VPN into the remote LAN, because I have no problem managing
the remote firewall web interface, but if I try to manage another host
via web it hangs.


Strange, what you describe (hangs over an IPsec tunnel for big data
flows) really looks like a packet size problem....

No, you don't have to reboot the firewalls after changing the MTU, but did
you change the MTU on the firewalls or on your traffic endpoint (the
host from which you establish your sessions)?

Try with a very low MTU value on the TRAFFIC ENDPOINT (not on the
IPsec gates) to ensure this is really not related to that, then try
to dump what's going on the wire (between the IPsec gates) to see if you
can notice something abnormal.


And, when a session hangs, can you still establish other new sessions
through the IPsec tunnel?

And tell us what IPsec gates you're using, perhaps there is just a
known bug somewhere.....


Yvan.
Thanks, Yvan, for your support,

this is really a strange problem...
I changed the MTU on the WAN interface of the m0n0wall firewall (now it is
1000 but nothing changed).


Yes, when a session hangs, I can still open another session.

I'm using m0n0wall 1.2 on an ISO CD-ROM.

---update---
It works!!!
If I change the MTU (I set 1430) on the traffic endpoint it WORKS!!
Thanks a lot for your help.
My last question is: do I have to change the MTU of all the hosts that I
need to manage?

Matteo
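Added example (not from this thread and not m0n0wall code) showing the arithmetic behind Yvan's "lower the MTU or play with the TCP MSS" advice and behind the 1430-byte endpoint MTU that fixed Matteo's sessions, and answering his last question. ESP tunnel mode wraps each inner packet in an outer IP header, an SPI/sequence header, a cipher IV, padding and an ICV, so a full-size 1500-byte segment from a LAN host comes out larger than a 1500-byte WAN MTU and has to be fragmented or dropped between the gates, while a short reply (a few characters of `ls -l`) still fits; that is why only large transfers hang and nothing is logged. The transform (AES-CBC with HMAC-SHA1-96), the 1500-byte path MTU between the gates and the absence of NAT-T encapsulation are assumptions, since the thread does not say which proposal was configured; with them, a 1430-byte inner packet becomes exactly 1496 bytes on the wire. `clamp_mss()` gives the value a gateway would clamp the TCP MSS to so that no host needs its MTU changed, which is the usual alternative to editing every endpoint.

```python
"""ESP tunnel-mode overhead calculator (added example, not m0n0wall code).

Shows how much an IPsec tunnel inflates each packet and what TCP MSS a
gateway should clamp to so that full-size segments from LAN hosts still
fit the path MTU between the gates.  Header/IV/ICV sizes are the standard
ESP values; the path MTU and the transform choice are assumptions.
"""

IPV4_HDR = 20      # outer (and inner) IPv4 header without options
TCP_HDR = 20       # TCP header without options
UDP_HDR = 8        # added only when NAT-T (UDP/4500) encapsulation is in use
ESP_HDR = 8        # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2    # pad length (1 byte) + next header (1 byte)

# cipher -> (alignment the payload+trailer is padded to, IV length in bytes)
CIPHERS = {
    "aes-cbc":  (16, 16),
    "3des-cbc": (8, 8),
    "aes-gcm":  (4, 8),    # counter mode: only 4-byte alignment, 8-byte IV
}
# integrity transform -> ICV length in bytes
ICVS = {
    "hmac-sha1-96":    12,
    "hmac-sha256-128": 16,
    "aes-gcm-16":      16,  # GCM carries its own 16-byte tag instead of an HMAC
}


def esp_packet_size(inner_len, cipher="aes-cbc", integ="hmac-sha1-96", nat_t=False):
    """Bytes on the wire for one inner IPv4 packet after ESP tunnel-mode encapsulation."""
    align, iv_len = CIPHERS[cipher]
    # the inner packet plus the 2-byte trailer is padded up to the cipher alignment
    padded = -(-(inner_len + ESP_TRAILER) // align) * align
    size = IPV4_HDR + ESP_HDR + iv_len + padded + ICVS[integ]
    if nat_t:
        size += UDP_HDR
    return size


def fits(inner_len, path_mtu=1500, **transform):
    """True if the encapsulated packet crosses the inter-gate path without fragmentation."""
    return esp_packet_size(inner_len, **transform) <= path_mtu


def max_inner_packet(path_mtu=1500, **transform):
    """Largest inner IPv4 packet whose ESP encapsulation still fits path_mtu."""
    for inner_len in range(path_mtu, 0, -1):
        if fits(inner_len, path_mtu, **transform):
            return inner_len
    return 0


def clamp_mss(path_mtu=1500, **transform):
    """TCP MSS a gateway should clamp to so that no segment ever needs fragmenting."""
    return max_inner_packet(path_mtu, **transform) - IPV4_HDR - TCP_HDR


if __name__ == "__main__":
    # Walk the thread's numbers with the assumed AES-CBC / HMAC-SHA1-96 proposal.
    for mtu in (1500, 1430, 1400):
        print(f"host MTU {mtu:4d} -> {esp_packet_size(mtu):4d} bytes on the wire, "
              f"{'fits' if fits(mtu) else 'too big'} for a 1500-byte WAN")
    print("gateway should clamp MSS to", clamp_mss())
    print("same path, AES-CBC/SHA-256 behind NAT-T:",
          clamp_mss(integ="hmac-sha256-128", nat_t=True))
```

Run it and compare the printed wire sizes against what a capture between the gates shows for the ESP packets; if the outer packets are larger than the WAN MTU and you see no fragments arriving at the far gate, the path is dropping them, which matches the silent hang described above.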