Date: Thu, 07 Jul 2011 06:45:30 -0500 From: Paul Keusemann <pkeusem@visi.com> To: freebsd-net@freebsd.org Subject: Debugging dropped shell connections over a VPN Message-ID: <4E159C5A.5090702@visi.com>
next in thread | raw e-mail | index | archive | help
Hello, I am having problems with dropped shell connections over a VPN and I need help diagnosing the problem. My setup is something like this: - My local network is a mix of AIX, HP-UX, Linux, FreeBSD and Solaris machines running various OS versions. - My gateway / firewall machine is running FreeBSD-8.1-RELEASE-p1 with ipfw, nat and racoon for the firewall and VPN. The problem is that rlogin, ssh and telnet connections over the VPN get dropped after some period of inactivity. My initial thought was that the disconnect was being caused by an idle timeout on the remote side of the VPN but I checked with the administrator and that is not the case. The idle timeout is set to something like 8 hours. The amount of idle time before a shell connection is dropped seems to vary from less than five minutes to more than half an hour more or less randomly or at best depending on prevailing winds. It is difficult to determine exactly when the connection is dropped because I don't know it has been dropped until I try to type something into the remote shell and then I get an error message and the connection is closed. The error message depends on the type of connection: rlogin: Read error from network: Connection reset by peer ssh: Write failed: Broken pipe telnet: Connection to ilt1000.eur.ad.sag closed by foreign host. Running a script to generate output every 60 seconds on the remote shell will keep the connection up most of the time but connections do get dropped even with the script running. I am pretty sure this is a VPN related issue. I have not had problems with shell connections that don't go over the VPN. When my ISP still had a UNIX shell host available, I used to leave shell sessions open to it for weeks at a time. I have had these same problems with two separate employers and three different remote VPN setups. So, what I'm looking for is some way to figure out what the cause of the disconnects is and a way to fix it. Any suggestions gladly accepted. -- Paul Keusemann pkeusem@visi.com 4266 Joppa Court (952) 894-7805 Savage, MN 55378
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E159C5A.5090702>