Ticket #4293 (closed defect: worksforme)

Opened 13 months ago

Last modified 13 months ago

network down after vpn activity

Reported by: osipov@… Owned by: jamor@…
Milestone: 2.2.X Component: network
Severity: normal Keywords:
Cc:

Description

Trying to create a VPN server. Installed Zentyal, set the eth0 network interface to internal and eth2 to external. Both are set to static IP, and I added a gateway - our gate in the external network. Then I added the PPTP module and set up a user for access - "vpnuser".

When I try to connect to the VPN from the Internet, using the standard Windows VPN connection, it connects and all works fine for the first several minutes.

But when I start to work, after some time the VPN connection hangs and the eth2 interface stops responding at all. While eth0 is working, I can access the web interface from the internal network, but the external one doesn't respond. Web interface Diagnostic tools -> Ping to any external site or IP says "Destination host unreachable". Only a reboot of Zentyal helps.

I noticed that this situation occurs after some load on the network. For example, if I establish a VPN connection and just run the ping command against some internal server, this connection may live for several hours. But if I connect to a remote desktop and open some pictures, the VPN will die in 1-2 minutes. It looks strange, but the usual traffic I get through the VPN connection before the hang is 28 MB.

On the dashboard both NICs say:

LAN-eth0: Status up, internal, link ok; MAC address 00:23:54:4c:78:e2; IP address 192.168.1.216

Status up, external, link ok; MAC address 20:cf:30:d6:f0:bd; IP address 85.114.22.109

Zentyal hardware: intel q6600 cpu, 4Gb ram, 1Tb hdd, onboard nic and pci nic.

Change History

comment:1 Changed 13 months ago by jamor@…

  • Status changed from new to accepted

Hello Osipov,

It seems to me that you have an address collision. Check and fix these situations:

  • interfaces in the same network
  • VPN addresses/networks in the same network as the real interfaces

Regards,

Javier

comment:2 Changed 13 months ago by Osipov@…

Hello Javier!

1) The lan/wan interfaces are in different networks (lan - in the local switch, wan - in the internet switch), similar to our existing Microsoft VPN server.

2) The VPN settings are the default 192.168.210.0/24, and in the connection info I see the client gets 192.168.210.2, while the server is 192.168.210.1. The lan address is 192.168.1.216/23, so they are not in the same subnets.

Waiting for your help,

Eugene Osipov

comment:3 Changed 13 months ago by jamor@…

Ok, but 192.168.210.0/24 doesn't overlap any of the interfaces in lan/wan, right? Also, what version do you have?
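The collision check discussed in the comments above can be done mechanically. The following is an added example, not part of the ticket or of Zentyal: it uses the addresses quoted in this ticket, and the /16 prefix for eth2 is an assumption taken from the 85.114.0.0 16 route shown in the route table posted later in the ticket.

```python
import ipaddress
from itertools import combinations

# Addresses quoted in the ticket. The /16 on eth2 is an assumption based
# on the "85.114.0.0 16" route in the route table posted in the ticket.
TICKET_NETS = {
    "eth0 (internal)": "192.168.1.216/23",
    "eth2 (external)": "85.114.22.109/16",
    "PPTP pool": "192.168.210.0/24",
}


def find_collisions(named_cidrs):
    """Return (name_a, name_b) pairs whose networks overlap."""
    nets = {
        # strict=False accepts a host address with a prefix length and
        # reduces it to the containing network (192.168.1.216/23 -> 192.168.0.0/23).
        name: ipaddress.ip_network(cidr, strict=False)
        for name, cidr in named_cidrs.items()
    }
    hits = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        # Only compare networks of the same IP version.
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            hits.append((a, b))
    return hits


if __name__ == "__main__":
    print("ticket configuration:", find_collisions(TICKET_NETS) or "no overlap")

    # Constructed counter-example: a VPN pool placed inside the LAN's /23.
    colliding = {"eth0": "192.168.1.216/23", "vpn": "192.168.0.0/24"}
    print("constructed example:", find_collisions(colliding))
```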

comment:4 Changed 13 months ago by jamor@…

Another thing that could be useful: can you post the routes table before and after the error?

comment:5 Changed 13 months ago by osipov@…

1) Yes, that's right

2) v.2.2.7

Before:

root@Gate2:~# routel

target gateway source proto scope dev tbl

default 192.168.1.215 192.168.1.216 eth0 102

192.168.0.0 23 192.168.1.216 kernel link eth0

85.114.0.0 16 85.114.22.109 kernel link eth2

default 85.114.29.237 85.114.22.109 eth2 101 default default nexthop 85.114.29.237 eth2 nexthop 192.168.1.215 eth0

127.255.255.255 broadcast 127.0.0.1 kernel link lo local

85.114.22.109 local 85.114.22.109 kernel host eth2 local

85.114.255.255 broadcast 85.114.22.109 kernel link eth2 local

85.114.0.0 broadcast 85.114.22.109 kernel link eth2 local

192.168.0.0 broadcast 192.168.1.216 kernel link eth0 local

192.168.1.255 broadcast 192.168.1.216 kernel link eth0 local

127.0.0.0 broadcast 127.0.0.1 kernel link lo local

192.168.1.216 local 192.168.1.216 kernel host eth0 local

127.0.0.1 local 127.0.0.1 kernel host lo local

127.0.0.0 8 local 127.0.0.1 kernel host lo local

fe80:: 64 kernel eth2

fe80:: 64 kernel eth0

default unreachable kernel lo unspec

::1 :: none lo local

fe80::223:54ff:fe4c:78e2 :: none lo local

fe80::22cf:30ff:fed6:f0bd :: none lo local

ff00:: 8 eth2 local

ff00:: 8 eth0 local

default unreachable kernel lo unspec

After VPN connected:

root@Gate2:~# routel

target gateway source proto scope dev tbl

default 192.168.1.215 192.168.1.216 eth0 102

192.168.210.2 192.168.210.1 kernel link ppp0

192.168.0.0 23 192.168.1.216 kernel link eth0

85.114.0.0 16 85.114.22.109 kernel link eth2

default 85.114.29.237 85.114.22.109 eth2 101 default default nexthop 85.114.29.237 eth2 nexthop 192.168.1.215 eth0

127.255.255.255 broadcast 127.0.0.1 kernel link lo local

85.114.22.109 local 85.114.22.109 kernel host eth2 local

85.114.255.255 broadcast 85.114.22.109 kernel link eth2 local

85.114.0.0 broadcast 85.114.22.109 kernel link eth2 local

192.168.0.0 broadcast 192.168.1.216 kernel link eth0 local

192.168.1.255 broadcast 192.168.1.216 kernel link eth0 local

192.168.210.1 local 192.168.210.1 kernel host ppp0 local

127.0.0.0 broadcast 127.0.0.1 kernel link lo local

192.168.1.216 local 192.168.1.216 kernel host eth0 local

127.0.0.1 local 127.0.0.1 kernel host lo local

127.0.0.0 8 local 127.0.0.1 kernel host lo local

fe80:: 64 kernel eth2

fe80:: 64 kernel eth0

default unreachable kernel lo unspec

::1 :: none lo local

fe80::223:54ff:fe4c:78e2 :: none lo local

fe80::22cf:30ff:fed6:f0bd :: none lo local

ff00:: 8 eth2 local

ff00:: 8 eth0 local

default unreachable kernel lo unspec

After network down:

root@Gate2:~# routel

target gateway source proto scope dev tbl

default 192.168.1.215 192.168.1.216 eth0 102

192.168.0.0 23 192.168.1.216 kernel link eth0

85.114.0.0 16 85.114.22.109 kernel link eth2

default 85.114.29.237 85.114.22.109 eth2 101 default default nexthop 85.114.29.237 eth2 nexthop 192.168.1.215 eth0

127.255.255.255 broadcast 127.0.0.1 kernel link lo local

85.114.22.109 local 85.114.22.109 kernel host eth2 local

85.114.255.255 broadcast 85.114.22.109 kernel link eth2 local

85.114.0.0 broadcast 85.114.22.109 kernel link eth2 local

192.168.0.0 broadcast 192.168.1.216 kernel link eth0 local

192.168.1.255 broadcast 192.168.1.216 kernel link eth0 local

127.0.0.0 broadcast 127.0.0.1 kernel link lo local

192.168.1.216 local 192.168.1.216 kernel host eth0 local

127.0.0.1 local 127.0.0.1 kernel host lo local

127.0.0.0 8 local 127.0.0.1 kernel host lo local

fe80:: 64 kernel eth2

fe80:: 64 kernel eth0

default unreachable kernel lo unspec

::1 :: none lo local

fe80::223:54ff:fe4c:78e2 :: none lo local

fe80::22cf:30ff:fed6:f0bd :: none lo local

ff00:: 8 eth2 local

ff00:: 8 eth0 local

default unreachable kernel lo unspec

comment:6 Changed 13 months ago by jamor@…

  • Status changed from accepted to closed
  • Resolution set to worksforme
  • Milestone set to 2.2.X

Thanks for the feedback. We can see that it is not that the connection is rejected but that the ppp interface is brought down.

Since you connected and transmitted some MB of data (or you could connect for some hours without data transfer), I think the most probable cause is that you have a traffic shaper in the middle. Can you connect from another location? Do you know if there is something between your eth2 and the Internet?

However, if you are also using the traffic shaping module, it could be a misconfiguration or a Zentyal bug. In this case check your rules and reopen if necessary.

Also, I suggest looking in /var/log/syslog for ppp messages; they can give a clue as to what is going on.

Regards,

Javier
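One way to act on the syslog suggestion above is to summarise each pppd session by how it ended and how much data it carried. This is an added example, not part of the ticket or of Zentyal; the log excerpt is constructed for illustration (host name, PIDs, times and byte counts are made up) and only the message wording follows what pppd logs.

```python
import re

# Constructed syslog excerpt, not taken from the ticket.
SAMPLE = """\
Mar  1 10:00:02 Gate2 pppd[2101]: Connect: ppp0 <--> /dev/pts/1
Mar  1 10:02:31 Gate2 pppd[2101]: No response to 4 echo-requests
Mar  1 10:02:31 Gate2 pppd[2101]: Serial link appears to be disconnected.
Mar  1 10:02:31 Gate2 pppd[2101]: Connect time 2.5 minutes.
Mar  1 10:02:31 Gate2 pppd[2101]: Sent 27905432 bytes, received 1403221 bytes.
Mar  1 10:02:37 Gate2 pppd[2101]: Connection terminated.
Mar  1 11:15:00 Gate2 pppd[2188]: Connect: ppp0 <--> /dev/pts/1
Mar  1 14:20:10 Gate2 pppd[2188]: LCP terminated by peer
Mar  1 14:20:10 Gate2 pppd[2188]: Connect time 185.2 minutes.
Mar  1 14:20:10 Gate2 pppd[2188]: Sent 51200 bytes, received 48800 bytes.
Mar  1 14:20:13 Gate2 pppd[2188]: Connection terminated.
"""

PPPD_LINE = re.compile(r"pppd\[(\d+)\]: (.*)$")
# Message prefixes that explain why a session ended.
REASONS = ("No response to", "LCP terminated by peer",
           "Modem hangup", "Terminating on signal")


def summarize(text):
    """Return one dict per pppd process, in order of first appearance."""
    sessions = {}
    for line in text.splitlines():
        m = PPPD_LINE.search(line)
        if not m:
            continue  # not a pppd line
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"pid": int(pid), "iface": None,
                                      "reason": None, "minutes": None,
                                      "sent": None, "received": None})
        if msg.startswith("Connect: "):
            s["iface"] = msg.split()[1]
        elif s["reason"] is None and msg.startswith(REASONS):
            s["reason"] = msg  # keep the first explanation only
        elif (t := re.match(r"Connect time ([\d.]+) minutes", msg)):
            s["minutes"] = float(t.group(1))
        elif (b := re.match(r"Sent (\d+) bytes, received (\d+) bytes", msg)):
            s["sent"], s["received"] = int(b.group(1)), int(b.group(2))
    return list(sessions.values())


if __name__ == "__main__":
    for s in summarize(SAMPLE):
        print(s)
```

An echo-request timeout means the link went silent from the server's point of view, whereas "LCP terminated by peer" means the client closed the session.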
