This discussion has been locked.

site2site VPN and remote access stopped

I am running 8.300. Today I noticed that my site 2 site VPN and my L2TP (iPhone) remote access stopped working for my local Astaro.

All I could find strange in the logs for my local machine was packet filter dropping packets from my remote site2site VPN machine.

2012:01:09-00:00:18 brk ulogd[5543]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:1d:a2:xx:xx:xx" dstmac="0:11:a:xx:xx:xx" srcip="70.123.XX.XX" dstip="72.183.XX.XX" proto="6" length="64" tos="0x00" prec="0x00" ttl="55" srcport="62942" dstport="36804" tcpflags="SYN" 

To test the packet filter, I added a rule to allow all traffic from the remote machine.  remote_ip -> any -> any.

After this, the packets were still dropping.

Not sure where else to look, I rebooted the machine.

When it came back up, I found the site to site tunnel was up and all was working fine.

Suggestions?


  • You should be able to see if the interface changes state by looking at /var/log/confd-debug.log.
  • Status is going to 0 when I click the disable button.  Also, I see the network traffic fail over to the DSL interface.

    plx" call="change_object" object="$VAR1 = {
    2012:01:11-10:09:23 brk confd[2936]:           'from_external' => 1,
    2012:01:11-10:09:23 brk confd[2936]:           'ref' => 'REF_CISYykEoWG',
    2012:01:11-10:09:23 brk confd[2936]:           'lock' => '',
    2012:01:11-10:09:23 brk confd[2936]:           'data' => {
    2012:01:11-10:09:23 brk confd[2936]:                       'proxyarp' => 0,
    2012:01:11-10:09:23 brk confd[2936]:                       'link' => 1,
    2012:01:11-10:09:23 brk confd[2936]:                       'inbandwidth' => 30000000,
    2012:01:11-10:09:23 brk confd[2936]:                       'status' => 0,
    2012:01:11-10:09:23 brk confd[2936]:                       'additional_addresses' => [],
    2012:01:11-10:09:23 brk confd[2936]:                       'itfhw' => 'REF_UvMKjVRrzd',
    2012:01:11-10:09:23 brk confd[2936]:                       'name' => 'Cable (WAN)',
    2012:01:11-10:09:23 brk confd[2936]:                       'hostname' => '***.homelinux.com',
    2012:01:11-10:09:23 brk confd[2936]:                       'bandwidth' => 0,
    2012:01:11-10:09:23 brk confd[2936]:                       'primary_address' => 'REF_mDDRcRDdLP',
    2012:01:11-10:09:23 brk confd[2936]:                       'comment' => 'Added by installation wizard',
    2012:01:11-10:09:23 brk confd[2936]:                       'proxyndp' => 0,
    2012:01:11-10:09:23 brk confd[2936]:                       'outbandwidth' => 1700000,
    2012:01:11-10:09:23 brk confd[2936]:                       'mtu' => 1500
    2012:01:11-10:09:23 brk confd[2936]:                     },
    2012:01:11-10:09:23 brk confd[2936]:           'type' => 'cable',
    2012:01:11-10:09:23 brk confd[2936]:           'hidden' => 0,
    2012:01:11-10:09:23 brk confd[2936]:           'class' => 'interface',
    2012:01:11-10:09:23 brk confd[2936]:           'autoname' => '0',
    2012:01:11-10:09:23 brk confd[2936]:           'nodel' => ''
    2012:01:11-10:09:23 brk confd[2936]:         };" external="1"



    2012:01:11-10:13:16 brk confd[2936]: D Object::set_object:1073() => id="3100" severity="debug" sys="System" sub="confd" name="set_object" user="admin" srcip="192.168.1.101" facility="webadmin" client="index.plx" call="change_object" object="$VAR1 = {
    2012:01:11-10:13:16 brk confd[2936]:           'from_external' => 1,
    2012:01:11-10:13:16 brk confd[2936]:           'ref' => 'REF_CISYykEoWG',
    2012:01:11-10:13:16 brk confd[2936]:           'lock' => '',
    2012:01:11-10:13:16 brk confd[2936]:           'data' => {
    2012:01:11-10:13:16 brk confd[2936]:                       'proxyarp' => 0,
    2012:01:11-10:13:16 brk confd[2936]:                       'link' => 1,
    2012:01:11-10:13:16 brk confd[2936]:                       'inbandwidth' => 30000000,
    2012:01:11-10:13:16 brk confd[2936]:                       'status' => 1,
    2012:01:11-10:13:16 brk confd[2936]:                       'additional_addresses' => [],
    2012:01:11-10:13:16 brk confd[2936]:                       'itfhw' => 'REF_UvMKjVRrzd',
    2012:01:11-10:13:16 brk confd[2936]:                       'name' => 'Cable (WAN)',
    2012:01:11-10:13:16 brk confd[2936]:                       'hostname' => '***.homelinux.com',
    2012:01:11-10:13:16 brk confd[2936]:                       'bandwidth' => 0,
    2012:01:11-10:13:16 brk confd[2936]:                       'primary_address' => 'REF_mDDRcRDdLP',
    2012:01:11-10:13:16 brk confd[2936]:                       'comment' => 'Added by installation wizard',
    2012:01:11-10:13:16 brk confd[2936]:                       'proxyndp' => 0,
    2012:01:11-10:13:16 brk confd[2936]:                       'outbandwidth' => 1700000,
    2012:01:11-10:13:16 brk confd[2936]:                       'mtu' => 1500
    2012:01:11-10:13:16 brk confd[2936]:                     },
    2012:01:11-10:13:16 brk confd[2936]:           'type' => 'cable',
    2012:01:11-10:13:16 brk confd[2936]:           'hidden' => 0,
    2012:01:11-10:13:16 brk confd[2936]:           'class' => 'interface',
    2012:01:11-10:13:16 brk confd[2936]:           'autoname' => '0',
    2012:01:11-10:13:16 brk confd[2936]:           'nodel' => ''
    2012:01:11-10:13:16 brk confd[2936]:         };" external="1"
  • Remote access and site 2 site stopped working again today.  I didn't change anything significant that I know of over the past 5 days other than adding a new SSID to wireless.

    When I was out today and tried it for the first time in a long time, there was once again no remote access.  Toggling the site2site VPN on/off made it work again.

    BTW - any way to move this to the correct thread?  I'm sorry I didn't see the correct section for VPN before I posted.
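
The confd-debug.log dumps quoted in this thread record each interface state change together with the admin user and source IP that made it. As an added example (not part of the original posts and not vendor code), the following sketch pulls those fields out of `change_object` dumps and lists status flips per interface; the sample log is constructed and abridged from the format shown above, and the line-oriented parsing is an assumption that ignores values containing commas or quotes.

```python
import re

# Constructed sample: two abridged change_object dumps in the log format quoted above.
SAMPLE = """\
2012:01:11-10:09:23 brk confd[2936]: D Object::set_object:1073() => id="3100" severity="debug" sys="System" sub="confd" name="set_object" user="admin" srcip="192.168.1.101" facility="webadmin" client="index.plx" call="change_object" object="$VAR1 = {
2012:01:11-10:09:23 brk confd[2936]:           'ref' => 'REF_CISYykEoWG',
2012:01:11-10:09:23 brk confd[2936]:                       'status' => 0,
2012:01:11-10:09:23 brk confd[2936]:                       'name' => 'Cable (WAN)',
2012:01:11-10:09:23 brk confd[2936]:           'class' => 'interface',
2012:01:11-10:09:23 brk confd[2936]:         };" external="1"
2012:01:11-10:13:16 brk confd[2936]: D Object::set_object:1073() => id="3100" severity="debug" sys="System" sub="confd" name="set_object" user="admin" srcip="192.168.1.101" facility="webadmin" client="index.plx" call="change_object" object="$VAR1 = {
2012:01:11-10:13:16 brk confd[2936]:           'ref' => 'REF_CISYykEoWG',
2012:01:11-10:13:16 brk confd[2936]:                       'status' => 1,
2012:01:11-10:13:16 brk confd[2936]:                       'name' => 'Cable (WAN)',
2012:01:11-10:13:16 brk confd[2936]:           'class' => 'interface',
2012:01:11-10:13:16 brk confd[2936]:         };" external="1"
"""

LINE = re.compile(r"^[ \t]*(\S+) \S+ confd\[\d+\]: (.*)$", re.M)  # timestamp, message
HEADER_KV = re.compile(r'(\w+)="([^"]*)"')       # key="value" pairs on the header line
DUMP_KV = re.compile(r"'(\w+)' => '?([^',]*)'?")  # 'key' => value lines inside the dump

def interface_changes(log_text):
    """Return one flat dict per complete change_object dump of class 'interface'."""
    events, current = [], None
    for ts, msg in LINE.findall(log_text):
        if 'call="change_object"' in msg:          # header line opens a new dump
            hdr = dict(HEADER_KV.findall(msg))
            current = {"time": ts, "user": hdr.get("user"), "srcip": hdr.get("srcip")}
        elif current is not None:                  # lines without a header are skipped
            kv = DUMP_KV.search(msg)
            if kv:
                current.setdefault(kv.group(1), kv.group(2))
            if msg.lstrip().startswith("};"):      # end of the dumped object
                if current.get("class") == "interface":
                    events.append(current)
                current = None
    return events

def status_transitions(events):
    """List (time, name, old, new, user, srcip) each time an interface's status flips."""
    last, out = {}, []
    for e in events:
        old = last.get(e.get("ref"))
        if old is not None and old != e.get("status"):
            out.append((e["time"], e.get("name"), old, e.get("status"), e["user"], e["srcip"]))
        last[e.get("ref")] = e.get("status")
    return out
```

A flip whose user and source IP do not correspond to an administrator action is the case worth correlating with the VPN outage times.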