Gordon Messmer wrote:

> I feel somewhat productive today. :)
>
> I've written a few new scripts (and improved an old one) that I'd like
> some feedback on.  Some of you might find them very useful.
>

OK Gordon, you asked for it :-)

First off, I've got the vpn working but had a little problem with the
firewall.  See my ipchains and VPN post and please feel free to comment.

Last night I finished working from home and shut down my dialup link with
ifdown ppp0.  Being a dumb user, I did nothing with the vpn connection.
This morning I noticed a lot of messages in one of my xterms:

netmask: Host name lookup failure
grep: /var/run/ppp-vpn0.pid: No such file or directory
tulfw1: Network is unreachable
Failed to open /dev/ttyp0: Input/output error
grep: /var/run/ppp-vpn0.pid: No such file or directory
ipcalc: ip address expected
ipcalc: ip address expected
ipcalc: ip address expected
netmask: Host name lookup failure
grep: /var/run/ppp-vpn0.pid: No such file or directory
tulfw1: Network is unreachable
Failed to open /dev/ttyp0: Input/output error
grep: /var/run/ppp-vpn0.pid: No such file or directory
ipcalc: ip address expected
ipcalc: ip address expected
ipcalc: ip address expected

repeated over and over and still going.

I had already brought up my dialin connection with ifup ppp0.
No working vpn (duh).

ifdown vpn0
killed the ppp1 interface used last night for the vpn as reported by
ifconfig

ifup vpn0
looked ok from ifconfig but no working vpn (hmm.)
noticed that the IP address is the second in the pool.  (I am the only one
doing this right now)


I then ssh'ed to the firewall where I noticed two ppp connections, ppp0 and
ppp1 (should have been only one).
Here the problem is due to my test firewall scripting since the ipchains
rules I added are ppp0 specific.

client: ifdown vpn0

server: only ppp0 connection now

server: ps aux showed vpn-start still running as well as the ssh -q ...

server: killed the pid of vpn-start

server: no ppp connections

client: ifup vpn0
client: looks good  ppp0 up with the first address in the pool

server: we're jammin' again.

client: check mail (netscape to internal mailserver) works well!


The order of my experience is very close if not dead on what I actually did
and saw this morning.  It looks to me like there needs to be some mechanism
to tie the vpn connection to a working network connection if it cannot
recover from a dropped dialin.  There are no messages in the server log
relating to a problem over night with the ssh session.  Should I have done
something different in restarting the ppp connection?

I noticed in my testing before I got it working that I got two ssh -q...
sessions active at the same time on the client when the timeouts were
occurring.  Has the ssh session on the client dropped and is trying to
restart it while the server still thinks it is up?

Let me know if you need me to try and recreate this and I will give it a
shot.

Hope this helps.  I for one appreciate the work you have done and hope to
use it often.

BTW the docs are ok.  But for the novice user (hell, I can't claim novice, so
maybe that should read non-guru user) some information on the ipchains
rules necessary would be good.

I have not been all the way through your init.firewall script yet and thus
have not tried it.  Perhaps this is addressed there?

Comments welcome (including the old dumb*, you should have done blah blah
blah instead of blah blah).

Bret



