[Durham] openswan ipsec issue

Andrew Glass andrewglass3 at gmail.com
Thu Nov 10 06:58:04 UTC 2011


Morning Richard

Thanks for your quick reply :) Much appreciated...

Do you only have a problem after a server reboot, or does it happen even when the server has been up for a while?

Occasionally I will disconnect during the session; however, reboots are always a laugh. I'm running this on Ubuntu 11.10 and I have allowed the standard openswan ports for UDP 500 and 4500, and 1701 for xl2tpd.

SSH delay sounds like a DNS lookup problem, look at /etc/resolv.conf, or disable dns in /etc/ssh/sshd_config (Add a line:  UseDNS no)

Your suggestion of (UseDNS no) has solved my slow logins :) You're a star! :)

Now it's just to figure out the very occasional VPN drops (this is my first time with openswan and xl2tpd).

The other thing I'm curious about: I would like to keep track of how much data I'm using over the VPN, track my IP address (to see how often it changes with TalkTalk fibre optic broadband), show my local network IP details, etc. I'm not bothered about tracking web pages etc. Are there particular files within openswan which I can reference from a PHP page to display this on an admin page, for example?

Eventually I would like this little OVH box to be my VPN, DNS and web server too :)

Many thanks again

Cheers

Andy

>> Sometimes I get the following messages, if I tail the syslog regarding my openswan startup
> 
> -- snip --
> 
> I doubt if it's a nat problem... from your iptables, it looks like you are only nating routed packets, not the server itself.
> 
>> This can intermittently prevent me from connecting from home.  So I issue this command
> 
> Do you only have a problem after a server reboot, or does it happen even when the server has been up for a while?
> 
>> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 
> ^^^ This will only nat routed packets, and will not touch anything coming from the server itself, or going to the server itself.
> 
>> iptables -A INPUT -j DROP
> 
> ^^^ I assume you do have a rule to allow the VPN connections?
> 
> 
>> Have I missed something that you can see? I've also noticed from the first day of renting this server
>> that ssh takes a little while to respond to my request to login. I am using a non-standard port for ssh
>> connections but I've never had such a slow response to ssh'ing on a non-standard port before.
>> Sometimes it takes up to 20 secs to respond. Any ideas?
> 
> SSH delay sounds like a DNS lookup problem, look at /etc/resolv.conf, or disable dns in /etc/ssh/sshd_config (Add a line:  UseDNS no)
> 
> 
> Which distro you running on it?
> 
> Regards
> 
> Richard
> 
> _______________________________________________
> Durham mailing list   -   Durham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/durham
> http://www.nelug.org.uk/
