
List:       sidewinder
Subject:    [Sidewinder] VPN and firewall Interfaces
From:       sidewinder-admin () adeptech ! com
Date:       2003-11-27 4:04:11

I have a couple of problems with VPN settings; any help is welcome.
Sidewinder version: G2 6.0.0.05
1. VPN terminates in a burb. Without any address translation, I can
access my whole network (10.10.0.0/16), except for the sidewinder's
interfaces.
When the VPN terminates in a virtual burb, I can't access the IP
addresses of any of G2's interfaces. Everything else is accessible.
When the VPN terminates in a non-virtual burb (that is, one that has an
interface assigned to it), the burb's interface IP address is accessible
from within the VPN, but other G2's interfaces are not.
The funny thing is that only local G2's interfaces cannot be accessed
(those that are accessed using lo0), everything else can be accessed
without any problems.
With NAT enabled for the VPN connections, everything works fine and the
G2 interfaces can be accessed without any problems.
Looks to me like a routing problem related to Lo0 (one of many related
to Lo0 - a similar problem is experienced accessing IP aliases of
interfaces which are not local to a source burb).
tcpdump -i lo0 host 10.10.3.1 (for example) gives the following results:
 tcpdump -i lo0 host 10.10.3.1                 /etc/namedb.u
tcpdump: listening on lo0
12:11:51.768431 10.10.3.1 > 10.10.3.1: icmp: echo request
12:11:51.768449 10.10.3.1 > 10.10.3.1: icmp: echo reply
12:11:52.769505 10.10.3.1 > 10.10.3.1: icmp: echo request
12:11:52.769512 10.10.3.1 > 10.10.3.1: icmp: echo reply
12:13:18.059196 172.16.0.1 > 10.10.3.1: icmp: echo request
12:13:19.252350 172.16.0.1 > 10.10.3.1: icmp: echo request
The first 2 pings are with SNAT set to host: localhost.
The last 2 pings are without any address translation. 172.16.0.1 is the IP
address of the host in the VPN.
10.10.3.8 for example is accessible with and without SNAT.
I don't want to use NAT for that, since I'd lose the level of
granularity in log files - everything would come from 10.10.3.1 instead
of coming from different hosts.
If anyone knows how to go about that, please respond.

2. The second problem is related to 'SoftRemote', which is the recommended
VPN client supposed to work best with G2.
The 'virtual adapter' of SoftRemote is to be used to get the DNS and
WINS settings from the firewall. The thing is, sometimes it works, and
sometimes it doesn't. The whole Virtual Adapter is a very unstable
feature.
Do you guys have any experience when SoftRemote would work with Virtual
Adapter set to 'required' (as recommended) on different Windows
operating systems? (i.e. works fine at my home, win2000, but doesn't
work at all on one of the XP's etc.. actually at home it works about 70%
of the time.)
Do you know of any other way to make the road warriors access Microsoft
Networking through VPN? with DNS and WINS preferably.
I've asked the questions to Sidewinder's award-winning support people,
but as usual they have no idea (yes, the trouble ticket is still
open).

Thanks for any help


_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder