K.S. Bhaskar on 20 Sep 2013 06:40:07 -0700



Re: [PLUG] Troubleshooting a fragile VPN connection


The fix proved to be simple although it took me a long time to stumble upon it. I allowed the NAT Traversal Mode to default (the default is natt; it was cisco-udp, which was required some years ago, and evidently no longer is). Now the VPN stays up as long as I want it to (at least for a few hours at a time).

Regards
-- Bhaskar


On Wed, Sep 18, 2013 at 9:25 PM, Lee H. Marzke <lee@marzke.net> wrote:
I had a similar issue with openvpn a few years ago.

Seems the "firewall" didn't really block and wasn't inline. If tcp connections were against policy the device would just kill the connection.

I had some limited success routing ovpn over an ssh tunnel to an sshd running on port 443.




Lee Marzke <lee@marzke.net>
Sent from my Galaxy S III



-------- Original message --------
From: "K.S. Bhaskar" <bhaskar@bhaskars.com>
Date: 09/18/2013 17:10 (GMT-05:00)
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] Troubleshooting a fragile VPN connection


For family reasons, I am temporarily telecommuting from Manhattan. My hotel in Manhattan has expensive Internet access via iBAHN, but I purchased a Boingo id for about one fiftieth the cost, and iBAHN is a hotspot provided for Boingo. So, I am connected via iBAHN but authenticating via Boingo - the iBAHN sign-on page has a link to another page that allows me to sign in with my Boingo id. Except VPN, everything works perfectly.

The VPN only stays up for a few minutes at a time. During those few minutes, it works perfectly, but suddenly the vpnc process just disappears. Previously, VPN has always worked perfectly for me: from home, from homes of friends and family, from every other hotel I have used in my travels around the world (including hotels with free Internet service provided by iBAHN), etc. But this is the first time I am using a Boingo id over iBAHN.

For VPN, my employer uses Cisco VPN, to which I connect with the vpnc client on a 64-bit Ubuntu 13.04. Since my employer has a proxy server that requires a login with AD credentials, all my desktop programs are configured to use a local cntlm as a proxy. I have two cntlm configuration files, and when I connect to the VPN or disconnect from it, I shut down the cntlm process and restart it with the appropriate configuration file. This works like a charm, and the additional microscopic delay of going through cntlm is compensated for by the simplicity of the setup.

So, literally, this is the first time I am having any major problem with my VPN setup, and I am not sure even where to start looking.

The only thing I can think of doing is to play with the IP routing tables so that when I am connected over the VPN, I only route traffic to the company Intranet over the VPN, and route to all other addresses directly, bypassing the VPN. While configuring IP routing tables would be a good thing to learn, it would not help me get my job done any faster.

Suggestions appreciated. Thank you very much.

Regards
-- Bhaskar


--
Windows does to computers what smoking does to humans

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug



