Unable to pass traffic after manual disable then re-enable.

vasili
Posted: Thu Jun 17, 2010 4:03 pm

I have a LAN-to-LAN VPN set up as follows:

-=Site A=-
eth00(LAN) 10.2.20.1/16
eth01(Internet) 209.1.1.1/30
vpn00 172.16.100.2/24

Routes:
0.0.0.0 -> eth01
10.4.0.0 -> 172.16.100.4
Test PC 10.2.1.1

-=Site B=-
eth00(LAN) 10.4.40.1/16
eth01(Internet) 63.1.1.1/30
vpn00 172.16.100.4/24

Routes:
0.0.0.0 -> eth01
10.2.0.0 -> 172.16.100.2
Test PC 10.4.1.1

Traceroute from 10.2.1.1 to 10.4.1.1 looks correct and vice versa.

Upon installing and adding the routes and VPN interface, the tunnel comes up and passes traffic.
I have one client machine on each side of the tunnel and have been testing bandwidth with iperf.
A persistent ping is running on each machine back towards the other machine.
On site B I go to the VPN00 interface and uncheck the UP checkbox to bring down the interface, and the pings stop.
Once I check the box to re-enable, each VPN00 interface shows that it's connected to the other, but I'm unable to ping the remote clients.

Traceroute from SiteA(10.2.1.1) to SiteB(10.4.1.1) looks like this:
10.2.20.1 -> 209.1.1.2 -> 209.9.9.9 -> and then 'destination network unreachable.'
The 209.1.1.2 address is the router connected to eth01 and 209.9.9.9 is the border router to the internet from my ISP.
Looks like the traffic isn't being directed to the tunnel.
Symptoms are the same going from the other end.

From each zeroshell box I can ping both 172.16.100.2 and 172.16.100.4 but not beyond. I can only ping the local 172.16 address from each client PC.

I'm not sure where to go with this.
How does taking the VPN interface down and bringing back up affect routing like this? Any suggestions?

I appreciate any help.

ppalias
Posted: Thu Jun 17, 2010 6:51 pm

The routes are erased from the routing table because the interface no longer exists. This is normal behaviour. Once the tunnel is up again, you have to manually add the routes again or have some options in the VPN tunnel to add the routes upon connecting.

vasili
Posted: Thu Jun 17, 2010 7:00 pm

I removed the static route entries and added them back, and traffic is passing again. So even though the GUI showed the statics, they weren't in the table?

Thanks for the quick response. You are always helpful to everyone.

ppalias
Posted: Fri Jun 18, 2010 6:31 am

Maybe there is a bug there. To verify it, please try the same and, instead of looking at the web interface, open an SSH connection or connect with keyboard and monitor on the terminal and issue the command
Code:
route -n
This way we'll see if the routes are added back again to the routing table.
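
The `route -n` check suggested in the last reply can be scripted. The following is an added example, not part of the original thread or of Zeroshell: it parses `route -n` output and lists the expected static routes that are missing from the kernel table. The two routing tables are constructed from the Site A addresses in the first post; the function names, the 255.255.0.0 netmask and the lowercase interface names are assumptions.

```shell
#!/bin/sh
# Added example: detect static routes that were dropped from the kernel
# table when a VPN interface went down, by parsing `route -n` output.

# has_route DEST GATEWAY
# Reads `route -n` text on stdin; succeeds only if a gateway route
# (Flags column contains G) to DEST via GATEWAY is listed.
has_route() {
    awk -v d="$1" -v g="$2" '
        $1 == d && $2 == g && $4 ~ /G/ { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# missing_routes TABLE "DEST,GATEWAY"...
# Prints one "DEST via GATEWAY" line per expected route absent from TABLE.
missing_routes() {
    table=$1; shift
    for pair in "$@"; do
        dest=${pair%%,*}; gw=${pair##*,}
        printf '%s\n' "$table" | has_route "$dest" "$gw" ||
            echo "$dest via $gw"
    done
}

# Constructed sample: Site A right after setup (netmask and names assumed).
TABLE_BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
209.1.1.0       0.0.0.0         255.255.255.252 U     0      0        0 eth01
172.16.100.0    0.0.0.0         255.255.255.0   U     0      0        0 vpn00
10.4.0.0        172.16.100.4    255.255.0.0     UG    0      0        0 vpn00
10.2.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth00
0.0.0.0         209.1.1.2       0.0.0.0         UG    0      0        0 eth01'

# Constructed sample: same box after vpn00 was disabled and re-enabled.
# The connected 172.16.100.0 route is back; the static route is not.
TABLE_AFTER='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
209.1.1.0       0.0.0.0         255.255.255.252 U     0      0        0 eth01
172.16.100.0    0.0.0.0         255.255.255.0   U     0      0        0 vpn00
10.2.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth00
0.0.0.0         209.1.1.2       0.0.0.0         UG    0      0        0 eth01'

EXPECTED="10.4.0.0,172.16.100.4"   # Site A static route from the first post

echo "missing before: $(missing_routes "$TABLE_BEFORE" "$EXPECTED")"
echo "missing after:  $(missing_routes "$TABLE_AFTER" "$EXPECTED")"
# On a live box: missing_routes "$(route -n)" "$EXPECTED"
```

In the second table the remote LAN falls through to the default route on eth01, which matches the traceroute in the first post heading out to the ISP instead of into the tunnel.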