[Durham] openswan ipsec issue

Richard Patterson Richard at helpquick.co.uk
Thu Nov 10 06:33:05 UTC 2011


> Sometimes I get the following messages if I tail the syslog regarding my openswan startup

-- snip --

I doubt it's a NAT problem... from your iptables, it looks like you are only NATing routed packets, not the server itself.

> This can intermittently prevent me from connecting from home. So I issue this command

Do you only have a problem after a server reboot, or does it happen even when the server has been up for a while?

> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

^^^ This will only NAT routed packets, and will not touch anything coming from the server itself, or going to the server itself.

> iptables -A INPUT -j DROP

^^^ I assume you do have a rule to allow the VPN connections?


> Have I missed something that you can see? I've also noticed from the first day of renting this server
> that ssh takes a little while to respond to my request to log in. I am using a non-standard port for ssh
> connections but I've never had such a slow response to ssh'ing on a non-standard port before.
> Sometimes it takes up to 20 secs to respond. Any ideas?

SSH delay sounds like a DNS lookup problem; look at /etc/resolv.conf, or disable DNS in /etc/ssh/sshd_config (add a line: UseDNS no)


Which distro are you running on it?

Regards

Richard
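Added example, not part of the list thread: a small shell check for the point raised above about the INPUT chain, namely that an Openswan server needs ACCEPT rules for IKE (udp/500), NAT-T (udp/4500) and ESP placed before the catch-all "-A INPUT -j DROP", since iptables stops at the first matching rule. It reads iptables-save style text and assumes ESP is written as "-p esp"; the two rule dumps at the bottom are constructed, the first mirroring the two INPUT rules quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Inspects an iptables-save dump and reports
# whether the INPUT chain accepts IKE (udp/500), NAT-T (udp/4500) and ESP before
# its final "-A INPUT -j DROP". iptables evaluates rules in order and stops at the
# first match, so an ACCEPT placed after the DROP never fires.
# Assumption: ESP appears as "-p esp" in the dump (not "-p 50").

# check_ipsec_allowed DUMP -> exit 0 if all three rules exist and precede the
# DROP, 1 otherwise (one diagnostic line per problem on stdout).
check_ipsec_allowed() {
    rules=$(printf '%s\n' "$1" | grep '^-A INPUT ')
    drop_line=$(printf '%s\n' "$rules" | grep -n -- '-A INPUT -j DROP$' | head -n 1 | cut -d: -f1)
    [ -z "$drop_line" ] && drop_line=999999      # no catch-all DROP: nothing can shadow
    status=0
    for want in '-p udp .*--dport 500 .*-j ACCEPT' \
                '-p udp .*--dport 4500 .*-j ACCEPT' \
                '-p esp .*-j ACCEPT'; do
        line=$(printf '%s\n' "$rules" | grep -n -- "$want" | head -n 1 | cut -d: -f1)
        if [ -z "$line" ]; then
            echo "MISSING: no INPUT rule matching '$want'"
            status=1
        elif [ "$line" -gt "$drop_line" ]; then
            echo "SHADOWED: '$want' is INPUT rule $line, after the DROP at rule $drop_line"
            status=1
        fi
    done
    return $status
}

# Constructed dumps. POSTER_RULES mirrors the two INPUT rules quoted in the
# thread (state match, then DROP) and carries no IPsec rules at all.
POSTER_RULES='*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
COMMIT'
FIXED_RULES='*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -j DROP
COMMIT'

check_ipsec_allowed "$POSTER_RULES" || echo "poster's ruleset blocks IPsec"
check_ipsec_allowed "$FIXED_RULES" && echo "fixed ruleset accepts IPsec"
```

On a live box, feed it the real dump with `check_ipsec_allowed "$(iptables-save)"`.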


