Our VPN has been running very well for 3 months with a minimum of traffic, <100 kbit/s.
Only DNS Zones and nagios passive checks were transferred. Everything seems
to work.
Left side is x.x.x.14 (host 1)
Subnet 10.0.0.0/24
openswan 2.4.4
shorewall 2.4.2 & iptables 1.3.4
gentoo 2.6.12-r9 with policy match
It's reachable through a proxyarp entry on x.x.x.11 (host 2) which is
another gentoo 2.6.12-r9 with shorewall 2.4.1 and iptables 1.3.2. At this
point this shorewall has nothing to do with the vpn but allows the traffic
generally to x.x.x.14
Right side is y.y.y.212 (host 3)
Subnet 10.10.10.0/24
openswan 2.3.0
shorewall 2.4.1 & iptables 1.3.2
gentoo 2.6.12-r9 with policy match
Now let's say that I am a host with subnet 10.0.0.0/24.
I am able to ping subnet 10.10.10.0/24 very well (best latency without
loss).
I am able to transfer DNS zone data very well.
I am able to transfer nagios passive checks very well.
I am not able to cp/cpio/rsync (nfs), sftp or else to subnet 10.10.10.0/24
very well or let's say I am able to transfer but within a few seconds my
bandwidth goes down <100kbit/s and changes permanently to stalled.
The connection is still alive but it will take one day to transfer 20MB?!.
First of all I thought it has something to do with VPN revisions or
settings. So I decided to kill proxyarp host 1 and set up another openswan
2.3.0 on host 2.
Now we have a VPN as documented many times. Two gates, two subnets, that's
all. Host 1 isn't any longer involved in the vpn but host 1 is at this point
the left side gateway.
Now everything works well.
I started to be in doubt about the VPN to be the source of my problems and I
started a stupid sftp job from host 1 out of any vpn through the public
internet. Host 1 is still an entry in host 2's shorewall proxyarp.
This job went down, too. I think I have a problem with proxyarp, shorewall
versions or else.
Is there anyone who knows about this?
Cheers
Mike