VPN behind Linux Firewall
Mon, 24 Jun 2002 17:57:41 +0100
On Monday 24 June 2002 5:48 pm, kayegee wrote:
> I have a LINUX firewall protecting my local LAN. I have 2 computers that
> use the Nortel VPN client to connect to my office. I can make the VPN
> connection, but I can't seem to stay connected for more than 10 to 15 min.
> Suddenly the system stops responding. If you look at the VPN icon, only the
> top half of the icon blinks. When things are working properly, both the top
> and bottom half of the VPN icon flash. While this is happening, other
> computers connected to the Internet continue to work without a problem. I
> was looking in /proc/net/ip_conntrack file and notice that I seem to lose
> my connection every time I get an entry like the following in that file:
> unknown 50 523 src=192.168.XX.X dst=188.8.131.52 src=184.108.40.206
> dst=XX.XXX.XXX.XX use=1
> I'm not sure why I'm getting an unknown packet. I'm also not sure how
> iptables should handle an unknown packet. If anyone can shed some light on
> this subject, I'd greatly appreciate it.
'unknown' in this context simply means that the logging system doesn't know
what to call protocol 50, which is ESP. Therefore I surmise that the Nortel
application is using IPsec.
Are you saying that this entry is *not* present in the connection tracking
table whilst the VPN connection is operational ?
I think it might be interesting to add a logging rule, or use tcpdump /
ethereal etc, to look for UDP packets from source port 500 to source port
500, and see if these appear soon before the connection goes downj ?
UDP 500 is the Internet Key Exchange (IKE) protocol, and the two end systems
might be trying to re-key (although 10-15 minutes is a bit quick), and
something might be blocking that ?
Just a thought.