Lee H. Marzke on 18 Sep 2013 18:26:04 -0700


Re: [PLUG] Troubleshooting a fragile VPN connection

I had a similar issue with openvpn a few years ago.

Seems the "firewall" didn't really block and wasn't inline.  If tcp connections were against policy the device would just kill the connection.

I had some limited success routing ovpn over an ssh tunnel to an sshd running on port 443.

Lee Marzke <lee@marzke.net>
Sent from my Galaxy S III

-------- Original message --------
From: "K.S. Bhaskar" <bhaskar@bhaskars.com>
Date: 09/18/2013 17:10 (GMT-05:00)
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] Troubleshooting a fragile VPN connection

For family reasons, I am temporarily telecommuting from Manhattan.  My hotel in Manhattan has expensive Internet access via iBAHN, but I purchased a Boingo id for about one fiftieth the cost, and iBAHN is a hotspot provided for Boingo.  So, I am connected via iBAHN but authenticating via Boingo - the iBAHN sign-on page has a link to another page that allows me to sign in with my Boingo id. Except VPN, everything works perfectly.

The VPN only stays up for a few minutes at a time.  During those few minutes, it works perfectly, but suddenly the vpnc process just disappears.  Previously, VPN has always worked perfectly for me: from home, from homes of friends and family, from every other hotel I have used in my travels around the world (including hotels with free Internet service provided by iBAHN), etc.  But this is the first time I am using a Boingo id over iBAHN.

For VPN, my employer uses Cisco VPN, to which I connect with the vpnc client on a 64-bit Ubuntu 13.04.  Since my employer has a proxy server that requires a login with AD credentials, all my desktop programs are configured to use a local cntlm as a proxy.  I have two cntlm configuration files, and when I connect to the VPN or disconnect from it, I shut down the cntlm process and restart it with the appropriate configuration file.  This works like a charm, and the additional microscopic delay of going through cntlm is compensated for by the simplicity of the setup.

So, literally, this is the first time I am having any major problem with my VPN setup, and I am not sure even where to start looking.

The only thing I can think of doing is to play with the IP routing tables so that when I am connected over the VPN, I only route traffic to the company Intranet over the VPN, and route to all other addresses directly, bypassing the VPN.  While configuring IP routing tables would be a good thing to learn, it would not help me get my job done any faster.

Suggestions appreciated.  Thank you very much.

-- Bhaskar

Windows does to computers what smoking does to humans
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug