I have set up openvpn between two firewalls over ADSL. When it works, it is great, allowing me access to the LAN behind the remote firewall. However, the connection drops every few hours and I have to restart the remote openvpn service to re-establish the link. How can I make it more stable?

--
Chris Mason
NetConcepts

Chris Mason (Lists) wrote:
> I have set up openvpn between two firewalls over ADSL. When it works, it
> is great, allowing me access to the LAN behind the remote firewall.
> However, the connection drops every few hours and I have to restart the
> remote openvpn service to re-establish the link. How can I make it more
> stable?

Hi Chris,

You might post your query on the OpenVPN list -- those folks are quite responsive and they tend to be more authoritative about OpenVPN than we are here on the Shorewall list. They will probably want to see your config files on each gateway and the OpenVPN log entries on each end when the connection is lost.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

> I have set up openvpn between two firewalls over ADSL. When it works, it
> is great, allowing me access to the LAN behind the remote firewall.
> However, the connection drops every few hours and I have to restart the
> remote openvpn service to re-establish the link. How can I make it more
> stable?

I'm running several openvpn tunnels for years now without any problem.

Do you have static IP addresses on your ADSL links?

Simon

Simon Matter wrote:
> I'm running several openvpn tunnels for years now without any problem.
>
> Do you have static IP addresses on your ADSL links?
>
> Simon

No, they are dynamic but tracked with dynamic dns. It's possible this is the problem.

When I restart the VPN, the log shows:

May 20 06:14:43 firewall kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= MAC=00:03:47:95:9d:66:00:90:1a:42:08:0e:08:00 SRC=69.57.237.222 DST=69.57.237.11 LEN=42 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=UDP SPT=1194 DPT=1194 LEN=22

I don't understand why the vpn packets are rejected.

Chris Mason wrote:
> No, they are dynamic but tracked with dynamic dns. It's possible this is
> the problem.
>
> When I restart the VPN, the log shows:
> May 20 06:14:43 firewall kernel: Shorewall:net2fw:DROP:IN=eth1 OUT=
> MAC=00:03:47:95:9d:66:00:90:1a:42:08:0e:08:00 SRC=69.57.237.222
> DST=69.57.237.11 LEN=42 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=UDP
> SPT=1194 DPT=1194 LEN=22
>
> I don't understand why the vpn packets are rejected.

What does your openvpn entry in /etc/shorewall/tunnels look like?

-Tom

Tom Eastep wrote:
> What does your openvpn entry in /etc/shorewall/tunnels look like?

The problem was due to the ISP constantly changing the IP every few minutes, they are migrating to a new ADSL server. I got them to reserve an IP for me and everything has been fine.
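
An added example, not part of any post in this thread: a small parser for Shorewall log lines like the one quoted above. It lists dropped UDP packets aimed at the tunnel port and checks whether they come from the address the firewall currently allows. The allowed-peer value `203.0.113.50`, the two extra log lines and the verdict names are constructed for illustration. Reading an "unexpected-source" result as a changed peer address is an assumption, consistent with the cause reported in the thread.

```python
import re

# The first line is the log entry quoted in the thread; the other two are constructed.
PAGE_LINE = (
    "May 20 06:14:43 firewall kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= "
    "MAC=00:03:47:95:9d:66:00:90:1a:42:08:0e:08:00 SRC=69.57.237.222 "
    "DST=69.57.237.11 LEN=42 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=UDP "
    "SPT=1194 DPT=1194 LEN=22"
)
CONSTRUCTED = [
    "May 20 06:15:02 firewall kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= "
    "SRC=203.0.113.9 DST=69.57.237.11 LEN=60 PROTO=TCP SPT=40122 DPT=22",
    "May 20 06:15:43 firewall kernel: Shorewall:net2fw:DROP:IN=eth1 OUT= "
    "SRC=69.57.237.222 DST=69.57.237.11 LEN=42 PROTO=UDP SPT=1194 DPT=1194 LEN=22",
]
SAMPLE_LOG = "\n".join([PAGE_LINE] + CONSTRUCTED)

PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_shorewall_line(line):
    """Split one Shorewall kernel log line into a dict of its KEY=value fields."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    fields = {"timestamp": line[:15], "chain": m.group("chain"), "action": m.group("action")}
    for key, value in FIELD_RE.findall(line[m.end():]):
        fields.setdefault(key, value)  # first LEN is the IP length, second the UDP length
    return fields

def tunnel_drops(log_text, port="1194"):
    """Return {source_ip: [timestamps]} for dropped UDP packets sent to the tunnel port."""
    hits = {}
    for line in log_text.splitlines():
        f = parse_shorewall_line(line)
        if not f or f["action"] not in ("DROP", "REJECT"):
            continue
        if f.get("PROTO") == "UDP" and f.get("DPT") == port and "SRC" in f:
            hits.setdefault(f["SRC"], []).append(f["timestamp"])
    return hits

def diagnose(log_text, allowed_peer, port="1194"):
    """Classify tunnel-port drops against the peer address the firewall allows."""
    drops = tunnel_drops(log_text, port)
    unexpected = sorted(ip for ip in drops if ip != allowed_peer)
    if unexpected:  # e.g. the remote end's dynamic address has changed
        return "unexpected-source", unexpected
    if allowed_peer in drops:  # right address, but no rule or tunnels entry matches
        return "allowed-peer-dropped", [allowed_peer]
    return "no-tunnel-drops", []

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, "203.0.113.50"))
```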