Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » VPN Tunnel sometimes didn't reconnect
  •  
yoyo

Messages: 5
Karma: 0
Send a private message to this user
i've here a testinstallation of a server-to-server (or lan-to-lan) vpn.

well, most of the time the tunnel works fine.
but sometimes, e.g. after i'am working at the traffic policy rules or even if i restart one of the two servers, the tunnel doesn't reconnect:

here is a dump of the vpn messages (from debug log):

[03/Dec/2004 17:53:11] {vpntunnel} Tunnel[0004]('VPN Tunnel EL ==> Band') - connecting to a.b.c.d:4090
[03/Dec/2004 17:53:11] {vpntunnel} TUNNEL_STATUS_CHANGE 'VPN Tunnel EL ==> Band' - 1:0
[03/Dec/2004 17:53:11] {vpntunnel} Tunnel[0004]('VPN Tunnel EL ==> Band') - remote endpoint name resolved - a.b.c.d
[03/Dec/2004 17:53:31] {vpntunnel} Tunnel[0004]('VPN Tunnel EL ==> Band') - error occured (rWe), closing connection
[03/Dec/2004 17:53:31] {vpntunnel} TUNNEL_STATUS_CHANGE 'VPN Tunnel EL ==> Band' - 0:146
[03/Dec/2004 17:53:31] {vpnag} VPN AG(4) cleared
[03/Dec/2004 17:53:31] {vpntunnel} Tunnel[0004]('VPN Tunnel EL ==> Band') - tunnel closed


i found a workaround (but i don't like to live with workarounds):
remotly connect to the winroute server (with the admin console):
diseable the vpn tunnel, also locally disable the vpn tunnel
then enable both ends of the tunnel again, and, with a few luck, the tunnel will go up again.

has anyone an idea whats going on there?
for me, it looks like the vpn tunnels has problems during initalisation, maybe problems with synchronisation or what ever?


update
hm, not sure, maybe the rules ....

but there is something "funny" again i want to ask:


here are some ugly results from using sysinternals TCPView

WinRoute.exe:412 TCP 0.0.0.0:13266 0.0.0.0:0 LISTENING wow, port 13266 ? ! oh man what are they doing?
WinRoute.exe:412 TCP 0.0.0.0:44333 0.0.0.0:0 LISTENING
WinRoute.exe:412 TCP 10.189.58.2:4080 0.0.0.0:0 LISTENING <<<< internal IP of VPN adapter <<<<<<<<<<< you see it? port 4080 ??? !!!
WinRoute.exe:412 TCP 10.189.58.2:4090 0.0.0.0:0 LISTENING <<<< internal IP of VPN adapter
WinRoute.exe:412 TCP a.b.c.d:2512 u.v.w.x:4090 ESTABLISHED
WinRoute.exe:412 TCP a.b.c.d:4080 0.0.0.0:0 LISTENING <<<<<<<<<<< you see it? port 4080 ??? !!!
WinRoute.exe:412 TCP a.b.c.d:4090 0.0.0.0:0 LISTENING <<<< this is now the "real" VPN port
WinRoute.exe:412 TCP 127.0.0.1:4080 0.0.0.0:0 LISTENING <<<< and again ... 4080 ? ? ? ? ?
WinRoute.exe:412 TCP 169.254.113.13:4080 0.0.0.0:0 LISTENING <<<< and again ... 4080 ? ? ? ? ?
WinRoute.exe:412 TCP 169.254.113.13:4090 0.0.0.0:0 LISTENING
WinRoute.exe:412 TCP 192.168.168.1:4080 0.0.0.0:0 LISTENING and again ... 4080 ? ? ? ? ?
WinRoute.exe:412 TCP 192.168.168.1:4090 0.0.0.0:0 LISTENING


is there anyone from kerio support reading this forum?
can someone tell me why kerio is listening to 4080 AND 4090?

and why does kerio listening on ALL adapters, even the vpn adapter? why not only install the listener on the interface connected to the internet?





this all is driving me confused

[Updated on: Fri, 03 December 2004 22:13]

  •  
FRiC

Messages: 56
Karma: 0
Send a private message to this user

I have a related problem... when the VPN tunnel disconnects for some reason (ISP disconnect, line down, etc.) the VPN tunnel will reconnect as usual, but the tunnel doesn't work. Everything looks normal from winroute and the admin console, but the the clients can't reach the other side of the tunnel.

My workaround is to disable the tunnel (on either side), wait 5-10 minutes, then re-enable the tunnel. Strangely, if I re-enable the tunnel too quickly, it still doesn't work. Have to wait a while.

I also think there's something wrong with the VPN initialization routines, but I've been talking with tech support about this problem since August and we still haven't gotten anywhere yet.

  •  
MI

Messages: 16
Karma: 0
Send a private message to this user
I found this problem when I had one tunnel already connected. Change the "passive" and "active" connections...and make sure the traffic rules are set up properly...
  •  
apichart

Messages: 5
Karma: 0
Send a private message to this user
Dear All
I found this problem too. I restarted OS from both side to make it re-connect tunnel again. Anyway, who know the better way to solve this problem, please tell me. I'm thinking about how to build to pararell tunnel to make it more stable, is that possible? Please help
Apichart
Previous Topic: HELP: Printing problem
Next Topic: how can i add many many url one time?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 03:30:48 CET 2017

Total time taken to generate the page: 0.00418 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.