Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 2 subscribers
  • Views 9082 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

site2site VPN and remote access stopped

brk
I am running 8.300.  Today I noticed that my site 2 site VPN and my L2TP (iphone) remote access stopped working for my local astaro.

All I could find strange in the logs for my local machine was packet filter dropping packets from my remote site2site VPN machine.

2012:01:09-00:00:18 brk ulogd[5543]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:1d:a2:xx:xx:xx" dstmac="0:11:a:xx:xx:xx" srcip="70.123.XX.XX" dstip="72.183.XX.XX" proto="6" length="64" tos="0x00" prec="0x00" ttl="55" srcport="62942" dstport="36804" tcpflags="SYN" 

To test the packet filter, I added a rule to allow all traffic from the remote machine.  remote_ip -> any -> any.

After this, the packets were still dropping.

Not sure where else to look, I rebooted the machine.

When it came back up, I found the site to site tunnel was up and all was working fine.

Suggestions?


This thread was automatically locked due to age.
Parents
  • 0
    Digging into what I was seeing earlier - the dropped packets in the firewall log.  Does this make any sense?

    # Before - all working
    iptables --list-rules > iptables.log.ipsec_working

    # Disable the interface in the interface tab
    iptables --list-rules > iptables.log.ipsec_off

    # Re-enable the interface tab
    iptables --list-rules > iptables.log.ipsec_dead


    Now - compare the results 

    brk:/tmp # diff iptables.log.ipsec_working iptables.log.ipsec_interface_off  | sed 's/70.123\..*\.*\//70.123.***.***\//g;s/72.183\..*\.*\//72.183.yyy.yyy\//g;s/172\..*\..*\.*\//172.zzz.zzz.0\//g'

    64,65d63


    And I see no change from interface being off to being back on... 

    brk:/tmp # diff iptables.log.ipsec_interface_off iptables.log.ipsec_dead  | sed 's/70.123\..*\.*\//70.123.***.***\//g;s/72.183\..*\.*\//72.183.yyy.yyy\//g;s/172\..*\..*\.*\//172.zzz.zzz.0\//g'

    brk:/tmp #
Reply
  • 0
    Digging into what I was seeing earlier - the dropped packets in the firewall log.  Does this make any sense?

    # Before - all working
    iptables --list-rules > iptables.log.ipsec_working

    # Disable the interface in the interface tab
    iptables --list-rules > iptables.log.ipsec_off

    # Re-enable the interface tab
    iptables --list-rules > iptables.log.ipsec_dead


    Now - compare the results 

    brk:/tmp # diff iptables.log.ipsec_working iptables.log.ipsec_interface_off  | sed 's/70.123\..*\.*\//70.123.***.***\//g;s/72.183\..*\.*\//72.183.yyy.yyy\//g;s/172\..*\..*\.*\//172.zzz.zzz.0\//g'

    64,65d63


    And I see no change from interface being off to being back on... 

    brk:/tmp # diff iptables.log.ipsec_interface_off iptables.log.ipsec_dead  | sed 's/70.123\..*\.*\//70.123.***.***\//g;s/72.183\..*\.*\//72.183.yyy.yyy\//g;s/172\..*\..*\.*\//172.zzz.zzz.0\//g'

    brk:/tmp #
Children