[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: problem with vpn



On 10/24/06, Eric Tanguy <eric tanguy univ-nantes fr> wrote:
Le mardi 24 octobre 2006 à 11:20 -0700, Tod Merley a écrit :
> On 10/24/06, Eric Tanguy <eric tanguy univ-nantes fr> wrote:
> > I'm not sure this problem is related to fedora but ...
> > I use a vpn connection to connect from home to my university. This
> > connection uses a java software client.
> > the connection is established so i try to make a nslookup something and
> > the system answers well. I retry the same nslookup command 1 minute
> > later and the system answer connection timeout.
> > I can't understand where the problem come from. The connection seems to
> > be established for a very quick time and after that all is down.
> > The same connection worked fine few weeks before so maybe it's related
> > to an update ?
> > If i reboot the same machine on winxp the vpn connection works like a
> > charm ...
> > Someone could point to me in a direction ?
> > Thanks
> >
> > Eric
> >
> >
> >
> > --
> > fedora-list mailing list
> > fedora-list redhat com
> > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> >
>
> Hi Eric Tanguy!

Hi Tod Merley!

>
> I am a bit confused.  Are you running nslookup on your local machine
> or on the machine you have a VPN connection to?

Yes i'm running nslookup on my local machine and at the beginning it
works fine using dns from the vpn network and just after the dns stop to
answer.

>
> I would be suspicious that a firewall setting prevents a needed
> service?  Kind of a long shot guess.

It coould be the local machine firewall but i use firestarter and i
disable it before to make a vpn connection

>
> This might be a good time to get into using a protocol analyzer:
>
> http://www.ethereal.com/
>

I already try something like that but it's difficult for me to use these
datas.
It seems that the local machine send a request to the dns without any
answer.

> Note you can use it with Windows as well so you could do an "A" - "B"
> comparison.
>
> I have run into nameservers which improperly respond to IPv6 DNS
> queries.  Basically they based their firmware on a faulty MS provided
> development kit.  New firmware is one cure, eliminating the faulty
> nameserver from the list in /etc/resolve.conf another.
>

Maybe it could be usefull to disable ipv6 but i can't remember how to do
that.

> Good hunting!
>
> Tod
>

--
fedora-list mailing list
fedora-list redhat com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list


Hi Again Eric!

You wrote:
Yes i'm running nslookup on my local machine and at the beginning it
works fine using dns from the vpn network and just after the dns stop to
answer.

I take it that the DNS server is on the VPN?  A couple of thoughts:

1. The protocol used by the OSS nslookup verses the MS nslookup may be
differant.

2. The protocol may be seen by security software on the VPN as hostile
and so it may shut you down.

3. Linux may use differant ports than MS and my hit a firewall on the VPN side.

4. The problem may go away if you update the DNS server software
and/or firmware.

5. The problem may go away if you update the linux software (nslookup,
kernel, etc..).

We are kind of shooting in the dark here.  There may well be useful
information in /var/log. The Ethreal output is easier to read than raw
tcpdump.

Some DNS tools for the road:

http://www.dns.net/dnsrd/tools.html

http://www.linuxjournal.com/article/4597

http://www.usinglinux.org/dns/

Good Hunting!

Tod


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]