On 8/20/2010 12:56 PM, Tim Burns wrote:
I have 2 machines that often are on a public wireless network at a local
building. My office had a Netgear FVS-338 firewall, and we are
establishing our tunnels to that box using the shrew client.

When we are both on at the same time, I have seen two things.

First, sometimes when the person on the second machine logs in on a
remote desktop connection, the first person's connection to remote
desktop (on a different machine) disconnects.

Second, if either person disconnects the tunnel from their machine, all
access is lost for the other machine, even though shrew's status says
that the tunnel still exists.

I have tried setting these up on different rules within the firewall and
with different address ranges so there is not a conflict; that didn't
change anything.

Is this just part of the vpn, or am I missing something that allows us
to independently control our tunnels?

Quite likely, this is a problem with the VPN gateway firmware. The client has no knowledge of other clients connected to the gateway. If communication errors occur when another user disconnects, the gateway is removing SAs it shouldn't be.

The other possibility is that you have two IPsec client connections being routed through a single firewall that has "IPsec pass-through" features enabled. This is an evil option that firmware authors added to SOHO firewalls which allows non NAT-T enabled clients to work (kind of) through a NAT. The problem is that it inevitably screws up VPN client communications when more than one client connects simultaneously from behind the same "IPsec pass-through" enabled firewall. If there is such a device, try looking at the management interface and see if it has this feature enabled. If so, try disabling it.

-Matthew
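
The pass-through failure described in the reply above, as an added example that is not part of the original thread: a toy NAT model contrasting raw ESP pass-through with NAT-T (ESP carried in UDP port 4500). The `Nat` class, the addresses, and the assumption that the pass-through feature tracks one inside host per remote gateway are constructed for illustration; real firmware differs in detail.

```python
# Toy NAT model (constructed for illustration; addresses are documentation/private ranges).
from dataclasses import dataclass, field

GATEWAY = "203.0.113.10"   # assumed VPN gateway address
CLIENT_A = "192.168.1.20"  # assumed inside hosts behind the same NAT
CLIENT_B = "192.168.1.21"

@dataclass
class Nat:
    esp_by_peer: dict = field(default_factory=dict)  # remote IP -> inside host
    udp_by_port: dict = field(default_factory=dict)  # public port -> (inside host, port)
    next_port: int = 40000

    def outbound_esp(self, inside, remote):
        # Pass-through: ESP has no port numbers, so the only usable key is the
        # remote peer. A second client to the same gateway overwrites the first.
        self.esp_by_peer[remote] = inside

    def inbound_esp(self, remote):
        return self.esp_by_peer.get(remote)

    def outbound_udp(self, inside, sport):
        # NAT-T: ESP rides inside UDP, so ordinary per-flow port translation applies.
        for pub, flow in self.udp_by_port.items():
            if flow == (inside, sport):
                return pub
        pub, self.next_port = self.next_port, self.next_port + 1
        self.udp_by_port[pub] = (inside, sport)
        return pub

    def inbound_udp(self, public_port):
        flow = self.udp_by_port.get(public_port)
        return flow[0] if flow else None

def passthrough_deliveries():
    """Where gateway->client ESP lands before and after client B connects."""
    nat = Nat()
    nat.outbound_esp(CLIENT_A, GATEWAY)
    first = nat.inbound_esp(GATEWAY)     # packet meant for A reaches A
    nat.outbound_esp(CLIENT_B, GATEWAY)  # B brings up its own tunnel
    second = nat.inbound_esp(GATEWAY)    # packet meant for A now goes to B
    return first, second

def natt_deliveries():
    """With NAT-T each client gets its own public UDP port, so flows stay separate."""
    nat = Nat()
    port_a = nat.outbound_udp(CLIENT_A, 4500)
    port_b = nat.outbound_udp(CLIENT_B, 4500)
    return nat.inbound_udp(port_a), nat.inbound_udp(port_b)

if __name__ == "__main__":
    print("pass-through:", passthrough_deliveries())
    print("NAT-T:       ", natt_deliveries())
```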