Dieter Egert
2011-Jul-07 21:18 UTC
Connection problem via VPN (only regarding some destinations)
Hello I have a lan with e.g. these ip adresses: 192.100.100.104 wilhelm (AIX 4.3) 192.100.100.57 eurexc (Windows 95, 100 MB ethernet card)) 192.100.100.62 windows62 192.100.100.1 (Ubuntu 8, shorewall V3 installed, std gateway, eth0, eth1) External clients were connected via vpn to the lan, that worked fine all the time. Then there was a power failure, all computers had to reboot (we did this in the meantime repeatedly). The vpn connection since that time doesn''t work any longer in a correct way: 192.100.100.57> ping 192.100.100.104 worked only sometimes 192.100.100.1> ping 192.100.100.104 worked only sometimes 192.100.100.1> ping 192.100.100.57 worked fine all the time external pc> ping 192.100.100.57 worked fine all the time external pc> ping 192.100.100.1 worked fine all the time external pc> ping 192.100.100.104 did never work again (timeout) (before it did!) So we used a new switch, as we assumed this part had a problem. With that all pings internal to the lan work fine, but not from wan via VPN. Still all pings to 192.100.100.104 have timeout, while other pings work fine. I checked arp -a (all mac adresses looked correct). With tracert (external client) I got the connection to the vpn gateway (here 10.8.0.1) and nothing more (only if destination is ..104 !). Appended the shorewall.dump.txt file as recommended. What can be the reasong?? We urgently need the connection to destination 192.100.100.104 as it is used as license server! Dieter ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
Tom Eastep
2011-Jul-07 22:18 UTC
Re: Connection problem via VPN (only regarding some destinations)
On Thu, 2011-07-07 at 23:18 +0200, Dieter Egert wrote:> Hello > > I have a lan with e.g. these ip adresses: > 192.100.100.104 wilhelm (AIX 4.3) > 192.100.100.57 eurexc (Windows 95, 100 MB ethernet card)) > 192.100.100.62 windows62 > 192.100.100.1 (Ubuntu 8, shorewall V3 installed, std gateway, > eth0, eth1) > > External clients were connected via vpn to the lan, that worked fine > all the time. > Then there was a power failure, all computers had to reboot (we did > this in the meantime repeatedly). > The vpn connection since that time doesn''t work any longer in a > correct way: > 192.100.100.57> ping 192.100.100.104 worked only sometimes > 192.100.100.1> ping 192.100.100.104 worked only sometimes > 192.100.100.1> ping 192.100.100.57 worked fine all the time > external pc> ping 192.100.100.57 worked fine all the time > external pc> ping 192.100.100.1 worked fine all the time > external pc> ping 192.100.100.104 did never work again (timeout) > (before it did!) > > So we used a new switch, as we assumed this part had a problem. With > that all pings internal to the lan work fine, but not from wan via > VPN. Still all pings to 192.100.100.104 have timeout, while other > pings work fine. > I checked arp -a (all mac adresses looked correct). > With tracert (external client) I got the connection to the vpn gateway > (here 10.8.0.1) and nothing more (only if destination is ..104 !). > > Appended the shorewall.dump.txt file as recommended. > > What can be the reasong?? We urgently need the connection to > destination 192.100.100.104 as it is used as license server!Sounds like 192.100.100.104 has an incorrect or missing default gateway setting. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2