(This issue is on a NAT'ing router running ipfilter 4.1.23, on a
NetBSD 4.0beta machine. i386.)
I have a problem getting the Nortel Contivity client working
properly on a windows machine in my house. It seems to just "lose
connection" to the VPN server after 5-10 minutes. Looking at the
traffic flow, I'm not 100% sure what's wrong. Things seem to work
just fine, until at some point, for some unknown reason, the windows
machine doesn't send any outgoing traffic on the NAT-Traversed UDP
session for long enough that ipfilter/ipnat closes down the return
path for UDP data. UDP traffic "keep state" entries are kept open
for 60 seconds? Is there any way, perhaps even for a specific rule,
to change the amount of time a UDP return path state entry will
remain open without expiring?
Thanks. I don't think this is what's causing the problem, I think
it's likely some windows craziness. But, if I was able to increase
that timer to something more like 5 minutes, I think it may allow me
to work around whatever *is* causing the problem.
Thanks!
- Chris
- Variable state entry timeouts? Chris Ross
-
