R: [Openswan Users] ipsec/l2tpd up but Terminal server Does not work

Federico fviel at comune.belluno.it
Fri Jun 9 12:51:03 CEST 2006


Hello,
Yesterday I work hard on that problem... And I managed to find out what it
was... 
It seems to be a network interface problem. I "destruct" my VPN server
And use it just as a router in the following way:
 ________________
|PC1(192.168.1.2) |---|(192.168.1.1) ROUTER (10.6.100.1)|---PC2(10.6.100.2)

If I pass through 2 (two) hp nc7771 PCI64 network interface the Terminal
server connection problem arise, but if I just use one (of 2) (low-cost)
RNTLINK net. interface everything works fine!!
Back in VPN GW mode and.... Voilà! VPN is now working correctly...
I tried to change autonegotiation speed, mtu etc. but with no results...
So the problem now is to find out how to work with these nc7771...
Because I don't think that they are broken....
Any Idea?
Thank you.
FV


> -----Messaggio originale-----
> Da: users-bounces at openswan.org [mailto:users-bounces at openswan.org] Per
> conto di Potato Chip
> Inviato: giovedì 8 giugno 2006 21.21
> A: users at openswan.org
> Oggetto: RE: [Openswan Users] ipsec/l2tpd up but Terminal server Does not
> work
> 
> I have been dealing with a similar problem for the past month. The only
> difference is my ipsec tunnel is connected between 2 openswan endpoints,
> both running linux v2.6.16. Also, I am only having the problem
> connecting via remote desktop with a windows 2003 server, which happens
> to be an active directory DC for my network. Typically, a reboot fixes
> the problem, until a few days later when the problem reappears. Remoting
> to other windows servers is fine.
> 
> Needless to say, this has been a vexing problem for me. Several months
> of testing discovered no problems at all with the transition. Only after
> starting the migration into a production environment did the problems
> become apparent.
> 
> I am still testing at this point, but for me, it appears to be a MTU
> problem with windows 2003. win2003 blatantly seems to ignore ICMP3
> packets. I could find no effective means of setting an MTU on the
> win2003 machine. It continues to send length 1400+ byte packets, even
> though I have set registry settings to set the MTU to 1200 bytes.
> 
> I followed the advice on this msft support page. I just set every
> registry setting.
> http://support.microsoft.com/kb/314825/en-us
> 
> Thus far, I have not seen the problem reappear. However, I am still
> testing, when I get time, to figure out *exactly* what the problem was.
> 
> Good luck and let me know what you find,
> Jae
> 
> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
> Behalf Of Federico
> Sent: Thursday, June 08, 2006 12:13 AM
> To: users at openswan.org
> Subject: [Openswan Users] ipsec/l2tpd up but Terminal server Does not
> work
> 
> 
> Hello,
> 
> I’m having a strange problem:
> Ipsec/l2tpd vpn start corretctly and I can ping in both sides, I can
> connect for example in a ssh to my servers on the LAN
> But when I try to do a Windows Terminal Service (WTS) connection in a
> server on the LAN, It doesn't work. Using tcpdump I can see (encrypted)
> packets go back and forth from VPN server to PC....(I can see also the
> decrypted packet going in and out from eth1 (lan).. WTS packet also...
> as everything was ok... So it seems that the windows clients doesn't
> work.... but only for wts packets...
> 
> 
> I already try to modify the mtu size on options.l2tpd, eht3 (VPN), eth1
> (LAN) but....
> 
> I use the same l2tpd (0.70)and ipsec (2.2.0.8) version of another vpn
> server (kernel 2.6.8) where everything works fine.... The only
> difference with this is the linux kernel: 2.6.16 Could you help me?
> Thank you in advance
> 
> =============================================
> Federico Viel
> Multibel srl
> Via Marisiga, 111
> 32100 Belluno
> Italy
> E-Mail:  fviel at comune.belluno.it
> Direct:+39 (0437) 25768
> FAX: +39 (0437) 958854
> Cell:+39 393 9752460 =============================================
> 
> 
> _______________________________________________
> Users at openswan.org http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n(3155
> 
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n(3155



More information about the Users mailing list