 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: ipsec vpn starts one-way
 Date:  Sun, 20 Apr 2008 08:45:03 +0100
Joe,

In message <1208653732 dot 3169 dot 4 dot camel at laptop dot localdomain>, Joe
<j dot commisso at verizon dot net> writes
>The nic is doing the best it can.
>It is a 10Mbps nic. Then it goes to a 10/100 switch and then to each
>client.
>
>The problem is that the tunnel doesn't open up when initiating a
>connection from the right end. Only the left end can start the tunnel,
>it seems. After that, everything is fine.
>
>If the collisions aren't necessarily a big deal, that's a relief.

As long as both ends agree on the duplex then it's OK (not good,
though).  If you have a managed switch then you need to check the switch
port to make sure it's set to half duplex.

Looking at the specs it is apparently capable of 10Mbps full duplex and
as it's connected to a switch then you really should be running full
duplex.

You may need to use the hidden options:

http://doc.m0n0.ch/handbook/faq-hiddenopts.html

to get the card to run in full duplex mode.

Needless to say, none of this is going to sort your VPN problem but it
will improve performance!

The only thing I can think of with your VPN is to try using dynamic DNS
for your home m0n0wall as m0n0wall now supports DNS entries for VPNs,
IIRC.

HTH,


                                Neil.

>On Sat, 2008-04-19 at 18:04 +0100, Neil A. Hillard wrote:
>> Hi,
>>
>> In message <1208623570 dot 3212 dot 14 dot camel at laptop dot localdomain>, Joe
>> <j dot commisso at verizon dot net> writes
>> >
>> >I just noticed that the site on the right has 22045 LAN collisions while
>> >the site on the left has 0.
>> >
>> >The site on the right also has an older LAN NIC and is at "10baseT/UTP
>> ><half-duplex>". I think the LAN NIC is a 3com.
>>
>> That in itself doesn't necessarily mean anything's wrong.  It may be
>> connected to a hub or a switch port that's been set to 10Mbps half
>> duplex.
>>
>> If it's connected to a switch and there's a duplex mismatch then it's a
>> different matter and you may have to force it to full duplex in the
>> config.
>>
>> HTH,
>>
>>
>>                                 Neil.
>>
>> >On Sat, 2008-04-19 at 12:11 -0400, Joe wrote:
>> >> As an added note on this, I don't know if I made myself too clear.
>> >> Being that the tunnel only forms when pinging from the left, this is a
>> >> big problem for us, since I can't do it during working hours because
>> >> users' (on the right) sessions get severed.
>> >>
>> >> Our business structure has sessions initiating on the right end, but
>> >> m0n0wall only builds the tunnel when pinging from the left.
>> >> After that, everything seems fine.
>> >>
>> >> I don't know what added info to include on this issue, but will be glad
>> >> to provide it if needed.
>> >>
>> >> Thanks,
>> >> Joe
>> >>
>> >>
>> >>
>> >> On Fri, 2008-04-18 at 21:57 -0400, Joe wrote:
>> >> > Hi,
>> >> >
>> >> > I have an ipsec 1.3b10 - 1.3b11 tunnel running between two static IP
>> >> > addresses.
>> >> >
>> >> > I also have a m0n0wall server at home where I have a non-static DSL
>> >> > modem.
>> >> >
>> >> > When I power up my home systems, I check the home IP address of my
>> >> > m0n0wall server here. Then I log into one of the static IP m0n0wall ends
>> >> > of the tunnel and change the ipsec page to save my home IP address as a
>> >> > static IP end of a new tunnel.
>> >> >
>> >> > I save it. I "apply changes". Then I have a tunnel from home and I'm
>> >> > connected.
>> >> >
>> >> > The problem is that when I press "apply changes" to save the ipsec page,
>> >> > the original tunnel is severed and won't come up until something like a
>> >> > ping is issued from one end only.
>> >> >
>> >> > If something like a ping or telnet session is issued from the second
>> >> > end, it hangs until the tunnel is brought up from the first end.
>> >> >
>> >> > Any help would be appreciated. m0n0wall is appreciated.
>> >> >
>> >> > Joe
>> >
>> >
>> >---------------------------------------------------------------------
>> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>> >
>>
>
>
>

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk