
List:       sidewinder
Subject:    [Sidewinder] Mysterious VPN Drops
From:       sidewinder-admin () adeptech ! com
Date:       2003-07-01 19:58:50

Folks,

    I've had several SoftRemote VPN users, the ones that tend to stay in 
telnet sessions for long periods of time, complain about frequent 
"drops".  Most found that they had to Deactivate and Reactivate SoftRemote 
to get it going again, and generally lost their work since the last 
'save'.  It's been a real sore spot for them, and wasn't doing much for my 
popularity.  While troubleshooting with one of them, I ran across something 
that others may find of interest.

    TCPDUMP revealed that though their telnet session was using the VPN, 
their mail client was checking for mail over the Internet.  The IMAP server 
resides in a protected network behind the same Sidewinder, so both the mail 
queries and the VPN were hitting the same external NIC.  Every time they 
checked for mail, there would be a burst of UDP 500 traffic -- the VPN was 
re-negotiating.  Since they check for new mail every 5 minutes, that 
created a LOT of opportunities for failure.  By changing the mail client to 
use the private IP address of the mail server so that their mail queries 
went through the VPN, the problem went away.

    Another way to accomplish the same thing is to have the users point to 
the Internal DNS server, so that the name resolves to a private address 
defined in the VPN policy.  There are probably applications other than mail 
that could cause the same problem, but none come to mind right now.  Hope 
someone else finds this useful.

Dave
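
Added example, not part of the original message: one way to check a capture for the pattern described above, by counting client-sent IKE (port 500) packets that arrive shortly after the same client reached a protected service on the firewall's external address instead of through the tunnel. The addresses, the 5-second window, the function name and the sample lines are constructed assumptions; the input is `tcpdump -tt -n` text output.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -tt -n` text form (not from the original post).
# 203.0.113.7 = remote VPN client, 198.51.100.1 = firewall external NIC.
SAMPLE = """\
1057089500.10 IP 203.0.113.7.1045 > 198.51.100.1.143: Flags [S], length 0
1057089500.90 IP 203.0.113.7.500 > 198.51.100.1.500: isakmp: phase 1 I ident
1057089501.20 IP 198.51.100.1.500 > 203.0.113.7.500: isakmp: phase 1 R ident
1057089650.00 IP 203.0.113.7.500 > 198.51.100.1.500: isakmp: phase 2/others I inf
1057089800.30 IP 203.0.113.7.1046 > 198.51.100.1.143: Flags [S], length 0
1057089801.00 IP 203.0.113.7.500 > 198.51.100.1.500: isakmp: phase 1 I ident
"""

# timestamp, src ip, src port, dst ip, dst port
PKT = re.compile(
    r"^(\d+\.\d+) IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def correlate(text, gateway, service_ports=(143,), window=5.0):
    """Per client, count IKE packets sent to `gateway` that follow, within
    `window` seconds, a packet from that client to a protected service port
    on the gateway's external address (traffic that bypassed the tunnel)."""
    last_clear = {}                      # client ip -> time of last bypass packet
    stats = defaultdict(lambda: {"after_clear": 0, "other": 0})
    for line in text.splitlines():
        m = PKT.match(line)
        if not m or m.group(4) != gateway:
            continue                     # unparsed line or not inbound to the firewall
        ts, src = float(m.group(1)), m.group(2)
        sport, dport = int(m.group(3)), int(m.group(5))
        if dport in service_ports:       # e.g. IMAP hitting the external NIC
            last_clear[src] = ts
        elif sport == 500 and dport == 500:   # IKE, identified by port only
            recent = src in last_clear and ts - last_clear[src] <= window
            stats[src]["after_clear" if recent else "other"] += 1
    return {client: dict(counts) for client, counts in stats.items()}

if __name__ == "__main__":
    for client, counts in correlate(SAMPLE, "198.51.100.1").items():
        print(client, counts)
```

A client whose `after_clear` count dominates is a candidate for the fix described in the message: point the application at the private address or the internal DNS server so its traffic goes through the VPN.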
