[Durham] openswan ipsec issue
Richard at helpquick.co.uk
Thu Nov 10 06:33:05 UTC 2011
> Sometimes I get the following messages, if I tail the syslog regarding my openswan startup
-- snip --
I doubt if it's a nat problem... from your iptables, it looks like you are only nating routed packets, not the server itself.
> This can intermittently prevent me from connecting from home. So I issue this command
Do you only have a problem after a server reboot, or does it happen even when the server has been up for a while?
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
^^^ This will only nat routed packets, and will not touch anything coming from the server itself, or going to the server itself.
> iptables -A INPUT -j DROP
^^^ I assume you do have a rule to allow the VPN connections?
> Have I missed something that u can see?? Ive also noticed from the first day of renting this server,
> that ssh takes a little while to respond to my request to login. I am using a none standard port for ssh
> connections but Ive never had such a slow response to ssh'ing on a none standard port before????
> Sometimes takes up to 20 secs to respond ??? Any ideas??
SSH delay sounds like a DNS lookup problem, look at /etc/resolv.conf, or disable dns in /etc/ssh/sshd_config (Add a line: UseDNS no)
Which distro you running on it?
More information about the Durham