Hi bishop,

That's correct! After a few days with some abnormal line disconnects I 
end up with lots of zombie ethertaps. In v3.0.2 I used "multi killold" 
to get a new connection after a disconnect and not be rejected by the 
server because another zombie session is currently established.

That's why I asked last time why keepalive is not working properly. You 
told me that something related was fixed in v3.0.3, but I cannot check 
this, because I had implemented my own solution to detect a zombie 
ethertap by taking a look at changing counters in /proc/net/dev and 
killing the related vtun process and restarting the session if there is no 
traffic flow encountered.

So Thomas has to try his luck :)

Kind regards from Freilassing,

Michael Rack
RSM Freilassing
-- 
RSM Freilassing                 Tel.: +49 8654 607110
Nocksteinstr. 13                Fax.: +49 8654 670438
D-83395 Freilassing            www.rsm-freilassing.de

On 13.09.2012 08:48, bishop wrote:
> Michael,
>
> On a side note: Have you had good luck with Multi-Yes and tunnels 
> dying like they should? The last time I worked with it, I had a gang 
> of lame zombie ethertaps laying about after a few disconnects, but 
> that was back in the 2.6 days.
>
> 'speed 0' and 'multi yes' are already the default.
>
> - bish
>
>
> Michael Rack wrote:
>> Hi Thomas,
>>
>> you need to add a bridge device.
>>
>>> brctl addbr tundevices
>>
>> Now you have to add some lines to your vtund.conf in your profile 
>> section:
>>
>>> options {
>>> ...
>>> }
>>>
>>> my-profile {
>>> pass mysecreat;
>>> type ether;
>>> proto udp;
>>> encr no;
>>> keepalive yes;
>>> compress no;
>>> speed 0;
>>> multi yes;
>>> up {
>>> program "/sbin/brctl addif tundevices %%";
>>> };
>>> }
>>
>> Important stuff:
>> * multi
>> * keepalive
>> * up
>>
>> Be sure to use VTUN v3.0.3
>> http://downloads.sourceforge.net/project/vtun/vtun/3.0.3/vtun-3.0.3.tar.gz 
>>
>>
>> Now you see all traffic on interface "tundevices".
>>
>> Kind regards from Freilassing,
>>
>> Michael Rack
>> RSM Freilassing
>> -- 
>> RSM Freilassing Tel.: +49 8654 607110
>> Nocksteinstr. 13 Fax.: +49 8654 670438
>> D-83395 Freilassing www.rsm-freilassing.de
>>
>> On 12.09.2012 03:16, Justin Thomas wrote:
>>> Hi folks,
>>>
>>> I'm a new vtun user and a new subscriber to this list, so my apologies
>>> if this is a simple question that has already been answered; I didn't
>>> have much luck with Google.
>>>
>>> I'm attempting to use vtun as part of an IDS solution within Amazon
>>> EC2/VPC. I have ether tunnels set up between each server and my IDS
>>> sensor. On each server, I'm using daemonlogger to copy data from the
>>> exposed interface to the virtual tap interface tunneled by vtun (which
>>> is incidentally connected via a third, unexposed interface on each
>>> system). So far so good.
>>>
>>> The picture in my mind was of a hub and spoke model where all of the
>>> endpoint tap devices were bridged to a single tap device on the IDS
>>> sensor (like tap0). What I seem to be seeing is that each tunnel to
>>> each endpoint requires a separate tap interface on the sensor (tap1,
>>> tap2, tap3) with unique configuration in the vtund.conf file for each
>>> system/session. To do otherwise (i.e., share a tap and/or session on
>>> the sensor across all of the "remote" servers) just generates
>>> "connection refused" messages to my endpoints.
>>>
>>> Is there a more efficient way to do this? Or is the only way to make
>>> this work to manage individual configuration items in vtund.conf for
>>> each server and, likewise, allocate separate tap interfaces for each
>>> (necessitating more complicated IDS software configuration to account
>>> for the many interfaces that will be monitored).
>>>
>>> Thanks in advance for any advice!
>>> Justin
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>>  
>>>
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond. 
>>> Discussions
>>> will include endpoint security, mobile security and the latest in 
>>> malware
>>> threats.http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>
>>>
>>> _______________________________________________
>>> Vtun-Users mailing list
>>> Vtun-Users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/vtun-users
>>
>
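
The counter check Michael describes at the top of this message, as an added example that is not part of the original thread: it compares two /proc/net/dev snapshots and reports tap interfaces whose counters did not move in between. The `tap` prefix, the function names and the sample snapshots are assumptions constructed for illustration; killing and restarting the related vtun process is left out.

```python
"""Flag tap interfaces whose /proc/net/dev counters did not change between two samples."""
import time

HEADER = (
    "Inter-|   Receive                                                |  Transmit\n"
    " face |bytes    packets errs drop fifo frame compressed multicast|"
    "bytes    packets errs drop fifo colls carrier compressed\n"
)
# Constructed sample snapshots (not captured from a real host).
SAMPLE_T0 = HEADER + (
    "    lo:   4200   42 0 0 0 0 0 0   4200   42 0 0 0 0 0 0\n"
    "  tap0: 918000 1530 0 0 0 0 0 0  12000  200 0 0 0 0 0 0\n"
    "  tap1: 551000  902 0 0 0 0 0 0   8000  130 0 0 0 0 0 0\n"
    "  tap2:77000 110 0 0 0 0 0 0 900 15 0 0 0 0 0 0\n"   # no space after ':'
)
SAMPLE_T1 = HEADER + (
    "    lo:   4200   42 0 0 0 0 0 0   4200   42 0 0 0 0 0 0\n"
    "  tap0: 921400 1537 0 0 0 0 0 0  12120  202 0 0 0 0 0 0\n"
    "  tap1: 551000  902 0 0 0 0 0 0   8000  130 0 0 0 0 0 0\n"
    "  tap2:77640 120 0 0 0 0 0 0 960 16 0 0 0 0 0 0\n"
)

def parse_net_dev(text):
    """Return {iface: (rx_bytes, rx_packets, tx_bytes, tx_packets)}."""
    counters = {}
    for line in text.splitlines()[2:]:        # the first two lines are column headers
        if ":" not in line:
            continue
        name, data = line.split(":", 1)       # the counter may follow ':' directly
        fields = data.split()
        if len(fields) < 16:                  # 8 receive + 8 transmit columns expected
            continue
        counters[name.strip()] = (int(fields[0]), int(fields[1]),
                                  int(fields[8]), int(fields[9]))
    return counters

def stalled_interfaces(before, after, prefix="tap"):
    """Names with the given prefix that exist in both samples with identical counters."""
    return sorted(name for name, seen in after.items()
                  if name.startswith(prefix) and before.get(name) == seen)

def read_proc(path="/proc/net/dev"):
    with open(path) as handle:
        return parse_net_dev(handle.read())

if __name__ == "__main__":
    first = read_proc()
    time.sleep(60)                            # assumed interval; pick one longer than normal idle gaps
    print(stalled_interfaces(first, read_proc()))
```

An interface that is legitimately idle for the whole interval is reported as well, so the interval has to be longer than the quietest period a healthy tunnel is expected to have.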