From: Paul Keusemann
Date: Thu, 07 Jul 2011 06:45:30 -0500
To: freebsd-net@freebsd.org
Subject: Debugging dropped shell connections over a VPN
Message-ID: <4E159C5A.5090702@visi.com>

Hello,

I am having problems with dropped shell connections over a VPN and I need help diagnosing the problem.

My setup is something like this:

- My local network is a mix of AIX, HP-UX, Linux, FreeBSD and Solaris machines running various OS versions.
- My gateway / firewall machine is running FreeBSD-8.1-RELEASE-p1 with ipfw, nat and racoon for the firewall and VPN.

The problem is that rlogin, ssh and telnet connections over the VPN get dropped after some period of inactivity.

My initial thought was that the disconnect was being caused by an idle timeout on the remote side of the VPN but I checked with the administrator and that is not the case. The idle timeout is set to something like 8 hours.

The amount of idle time before a shell connection is dropped seems to vary from less than five minutes to more than half an hour more or less randomly or at best depending on prevailing winds. It is difficult to determine exactly when the connection is dropped because I don't know it has been dropped until I try to type something into the remote shell and then I get an error message and the connection is closed. The error message depends on the type of connection:

    rlogin:  Read error from network: Connection reset by peer
    ssh:     Write failed: Broken pipe
    telnet:  Connection to ilt1000.eur.ad.sag closed by foreign host.

Running a script to generate output every 60 seconds on the remote shell will keep the connection up most of the time but connections do get dropped even with the script running.

I am pretty sure this is a VPN related issue. I have not had problems with shell connections that don't go over the VPN. When my ISP still had a UNIX shell host available, I used to leave shell sessions open to it for weeks at a time. I have had these same problems with two separate employers and three different remote VPN setups.

So, what I'm looking for is some way to figure out what the cause of the disconnects is and a way to fix it.

Any suggestions gladly accepted.

-- 
Paul Keusemann              pkeusem@visi.com
4266 Joppa Court            (952) 894-7805
Savage, MN 55378