Discussion:
eircom and vpn frustration
Brendan Kehoe
2009-02-08 15:52:09 UTC
I'm still struggling to get a VPN to be up and happy ... the openvpn
config on both ends is fine. But depending on the DSL modem I use,
it'll work or it won't.

If I try to use the Linksys WAG54GS router, the VPN works
wonderfully...but the DSL connection keeps dropping.

If I put back the Netopia 2247 from Eircom, the DSL stays up fine. But
the VPN won't work---mostly. I've got UDP port 1194 forwarded from the
Netopia to my ubuntu host at 192.168.1.2. When I start up OpenVPN, in a
moment the other end of the VPN connects (Peer Connection Initiated with
a.b.c.d, and then Initialization Sequence Completed). But I can't ping
it. (Where at this same point with the Linksys with 1194 udp port
forwarding in the same way, I can.)

However, there's an interesting effect: if I modify the services/port
forwarding on the Netopia, like enable/disable 1194 *TCP*, there's a
moment during the router making that change that it lets a packet go
through! My ping to the other end of the vpn, which is usually saying
"Request timed out", actually shows a successful ping at 52ms or so,
which is the right speed and everything. And then goes back to "Request
timed out". This suggests to me that the eircom box has some sort of
rules in place to block the traffic or in some other way mess with the
port forwarding. Such a setting is getting disabled or changed during
the Disable/Enable choice for the other service, then it stops. (I've
definitely got both ends of the openvpn configured for udp, and know it
works as such with the linksys in place.)

I'm trying to dig around netopia's site, and other forums, but so far no
hints on why it might want to work but only a little. I've got a
second, newer version of the Netopia 2247 (sent by Eircom to replace our
own dead one, but it took them nearly two MONTHS to actually have it
show up). That behaves exactly the same way as the older/current one.

Another option is to get a Netgear modem and try that, but time's gone
for today to try to get one/use it.

Have any of you found any particular tricks to get the Netopia modem to
be more willing to help?

Thanks for any suggestions,
B
--
Irish Linux Users' Group mailing list
About this list : http://mail.linux.ie/mailman/listinfo/ilug
Who we are : http://www.linux.ie/
Where we are : http://www.linux.ie/map/
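The symptom in the post above (tunnel negotiates, then pings time out) can be checked from the Linux host by looking at which direction the UDP 1194 packets stop flowing. The following is an added example, not part of the original thread: it reads text output in the shape produced by `tcpdump -n udp port 1194`; the peer address 203.0.113.10, the sample capture and the 10-second threshold are constructed assumptions.

```python
import re

# Shape of a `tcpdump -n` UDP line, e.g.
# 15:52:09.100000 IP 192.168.1.2.1194 > 203.0.113.10.1194: UDP, length 42
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length \d+"
)

def direction_stats(lines, local_ip, port=1194):
    """Per-direction packet counts and last-seen times (seconds of day)."""
    stats = {"out": 0, "in": 0, "last_out": None, "last_in": None}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        h, mi, s, src, sport, dst, dport = m.groups()
        if port not in (int(sport), int(dport)):
            continue  # unrelated UDP traffic
        t = int(h) * 3600 + int(mi) * 60 + float(s)  # no midnight wrap handling
        if src == local_ip:
            stats["out"] += 1
            stats["last_out"] = t
        elif dst == local_ip:
            stats["in"] += 1
            stats["last_in"] = t
    return stats

def diagnose(stats, stall_seconds=10.0):
    """Label the capture; stall_seconds is an assumed threshold."""
    if stats["out"] == 0 and stats["in"] == 0:
        return "no-vpn-traffic"
    if stats["in"] == 0:
        return "inbound-never-arrives"
    if stats["out"] == 0:
        return "outbound-missing"
    if stats["last_out"] - stats["last_in"] > stall_seconds:
        return "inbound-stalled"  # host keeps sending, nothing comes back
    return "bidirectional"

# Constructed capture: one early reply, then only outbound packets.
SAMPLE_STALLED = """\
15:52:09.100000 IP 192.168.1.2.1194 > 203.0.113.10.1194: UDP, length 42
15:52:09.152000 IP 203.0.113.10.1194 > 192.168.1.2.1194: UDP, length 54
15:52:09.160000 IP 192.168.1.2.1194 > 203.0.113.10.1194: UDP, length 50
15:52:20.000000 IP 192.168.1.2.1194 > 203.0.113.10.1194: UDP, length 101
15:52:21.000000 IP 192.168.1.2.1194 > 203.0.113.10.1194: UDP, length 101
15:52:22.000000 IP 192.168.1.2.1194 > 203.0.113.10.1194: UDP, length 101
15:52:22.500000 IP 192.168.1.9.5353 > 224.0.0.251.5353: UDP, length 45
""".splitlines()

print(diagnose(direction_stats(SAMPLE_STALLED, "192.168.1.2")))
```

An "inbound-stalled" or "inbound-never-arrives" result on the host behind the modem points at the device in front of it rather than at the OpenVPN configuration.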
Robert Sweetnam
2009-02-08 16:19:27 UTC
Apologies for top posting! I had a similar issue with the netopias.
The solution I used was to configure the netopia to pass the ip
address from eircom to the Linux VPN server. (IP Passthrough)

In my case the VPN server was also a firewall for the LAN behind it.

Hope this helps.
Robert
Daniel
2009-02-09 08:29:37 UTC
One thing about these to keep in mind. When you set up a port forward on it,
the firewall in the main menu must be changed from medium to low.
Apparently the difference between medium and low is that mapped ports don't
work when it's on med and they do work when on low.

-Dan
Brendan Kehoe
2009-02-09 10:44:01 UTC
Post by Daniel
One thing about these to keep in mind. When you set up a port forward on it,
the firewall in the main menu must be changed from medium to low.
Apparently the difference between medium and low is that mapped ports don't
work when it's on med and they do work when on low.
Fantastic! Later today I was going to try out IP Passthru, but I'll
give this a run first. I noticed the Medium choice in the firewall
settings, but didn't think of it being why the port forwarding wasn't
working. (Lame lame lame, I think, it shouldn't let you enable NAT and
port forwarding if it knows full well it will not actually use them.)

Many thanks, will send a followup with the results of my efforts. :)

B
Brendan Kehoe
2009-02-09 14:59:01 UTC
Post by Daniel
When you set up a port forward on it,
the firewall in the main menu must be changed from medium to low.
Apparently the difference between medium and low is that mapped ports don't
work when it's on med and they do work when on low.
This was the magic key. Without even having to reboot the Netopia box,
changing the Firewall (under Basic Mode not Expert Mode) from Medium to
Low let it actually use the port forwarding I'd set up for 1194 UDP
packets. I was able to immediately ping the other host, mount its Samba
share, and all the rest.

The VPN is up and humming happily. Many thanks, Dan!

B
Michael Watterson
2009-02-09 15:19:24 UTC
Post by Brendan Kehoe
Post by Daniel
When you set up a port forward on it,
the firewall in the main menu must be changed from medium to low.
Apparently the difference between medium and low is that mapped ports don't
work when it's on med and they do work when on low.
This was the magic key. Without even having to reboot the Netopia box,
changing the Firewall (under Basic Mode not Expert Mode) from Medium to
Low let it actually use the port forwarding I'd set up for 1194 UDP
packets. I was able to immediately ping the other host, mount its Samba
share, and all the rest.
The VPN is up and humming happily. Many thanks, Dan!
B
I remember now I discovered this setting up Skype. After setting up the
client "magic number" port on the Netopia, Skype still relayed till
Firewall changed to Low. Always Firewall Skype so you are not a port
80/443 relay/Supernode for someone else that hasn't bothered setting up
Skype port forwarding.
FRLinux
2009-02-09 15:21:59 UTC
Post by Brendan Kehoe
This was the magic key. Without even having to reboot the Netopia box,
changing the Firewall (under Basic Mode not Expert Mode) from Medium to
Low let it actually use the port forwarding I'd set up for 1194 UDP
packets. I was able to immediately ping the other host, mount its Samba
share, and all the rest.
Quick note on that, I guess TCP now works too with VPN which might be
recommended for DSL access and making sure all your shares will still
be there tomorrow after some possible network disruption.

My 2 cents,
Steph