Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio VPN adapter
  •  
BlueDiamond

Messages: 12
Karma: 0
Send a private message to this user
I have the following problem:

Windows reads the 'hosts' file every 5 seconds, which causes the harddisk-light to light up in 10 seconds intervals, causing spikes in my network traffic. I have the same problem with Kerio Winroute Firewall on my server as with the Kerio VPN Client om my normal computer.

The problem goes away whenever I disable the Kerio VPN network adaptor, so I'm pretty sure it has something to do with that Kerio adaptor.

Does anyone know why Kerio keeps reading my 'hosts' file, and thereby causing spikes in my network traffic? Can it be disabled, or is it a known bug in Kerio?

I've tested this problem on these computers, with the following results:
- My own Notebook with Windows 2000 SP4 and VPN CLient -> Problem
- My own Desktop with WinXP SP2 and VPN Client -> No Problem
- My own Server with Win2000 SP4 and WinRoute Firewall -> Problem
- A friends Notebook with Windows 2000 SP4 and VPN CLient -> No Problem

All drivers and programs are fully updated. Can anyone here help me with this?
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Could this be correlated to bug nr. 10790 (described and confirmed in this topic)?

What I mean is that 'overwriting' by the VPN Client of the typing in of computer addresses (see the above linked topic) happens on the same time the hosts file is read?

Could be a big hint to the programmers trying to solve bug 10790...
  •  
BlueDiamond

Messages: 12
Karma: 0
Send a private message to this user
It doesn't seem to have any relation with bug nr. 10790.

Regarding bug nr. 10790, my Win2000 system has no problems with the address-bar, and my WinXP system does. However, my Win2000 system has problems with the 'hosts' file being read excessively, whereas my WinXP system doesn't have that problem.

What I can tell you is that when I plug in my wireless, the 'hosts' file will be read 3 times by the wireless program once. Which is understandable, the wireless wants to read and use the hosts file when it starts up. However, Kerio keeps reading the hosts file every 5 seconds, both on the VPN client as well as on the Winroute firewall.

(Actually, the program 'Services.exe' reads the 'hosts' file on behalf of both Kerio and the wireless program).

When I disable the Kerio VPN adapter on my server or my notebook, the problem goes away (ie it stops reading the hosts file every 5 seconds). But this obviously prevents me from using the VPN Client, which is not what I want.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Maybe the reasoning behind checking the hosts file every couple of seconds is that it could change after having made the VPN connection/started up the Firewall by some third party.

And reading in a simple hosts file shouldn't be any burden on a system, so I wonder what makes your connection spike when reading the file.
  •  
BlueDiamond

Messages: 12
Karma: 0
Send a private message to this user
Why should Kerio read the hosts file every 5 seconds? Most other software doesn't do this.

But I know the lag/spikes I get in my network connection or the computer itself are because of Kerio, because when I disable the Kerio VPN the problem is solved.

It is very frustrating.
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Try to disable the LMHOST lookup for the VPN adapter.
  •  
BlueDiamond

Messages: 12
Karma: 0
Send a private message to this user
Thanks all for the advice.

My problem has been solved. I don't know how to disable the LMHOST file, but I read the comment into the LMHOST file. The hosts file is continuously being read, because DHCP is enabled for the Kerio VPN adapter. So on my server I have assigned a static IP address to the Kerio VPN adapter. Now the HDD isn't flashing anymore and my lags are gone.
  •  
BlueDiamond

Messages: 12
Karma: 0
Send a private message to this user
It seems the solution for my problem also fixes another problem.

The problem described in bug nr. 10790 (the address bar in explorer problem) can simple be solved. You have to give the Kerio VPN adapter a static IP adres. There is one caveat though: Disabling dynamic IP for Kerio also disables the DNS forwarding through VPN.
  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
I smell a new KB article....

Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Quote:

So on my server I have assigned a static IP address to the Kerio VPN adapter.

I assume this is done 'outside' of KWF? Just go the VPN adapter and define an IP addres? Can it be any IP address (cause at the moment the adapter has a bogus self-assigned 169.* address) or should this be an address in the subnet the VPN server assignes to VPN clients? Or an address on the company LAN subnet? Should I assign DNS server to the VPN adapter?

Quote:

Disabling dynamic IP for Kerio also disables the DNS forwarding through VPN.

Could you elaborate on this? What exactly does this mean? I'm guessing:
Say you are at home with a Kerio VPN connection to the company LAN:
  1. name lookup still works for general Internet adresses by using your ISP's DNS (of course)
  2. name lookups will not work for those names in KWF's DHCP table (so no resolving of internal company LAN host names). You would have to use IP addresses when connecting to company LAN machines.
Yes?

Any more 'issues'?
  •  
BlueDiamond

Messages: 12
Karma: 0
Send a private message to this user
Quote:

I assume this is done 'outside' of KWF? Just go the VPN adapter and define an IP addres? Can it be any IP address (cause at the moment the adapter has a bogus self-assigned 169.* address) or should this be an address in the subnet the VPN server assignes to VPN clients? Or an address on the company LAN subnet? Should I assign DNS server to the VPN adapter?


Just like a normal network adapter, assign a static IP address to the properties of your Kerio VPN adapter. This IP, however, will not be used by Kerio, (it uses the IP address and DNS Kerio gives), thus you can fill in whatever you want (as long as it doesn't conflict with any other network settings). I used the IP 169.254.254.254 and subnet mask 255.255.255.0 (standard APIPA Microsoft network).

Here are the properties of my (connected) Kerio VPN Adapter (in Dutch but readable):

Ethernet adapter Kerio VPN:

        Verbindingsspecifiek DNS-achtervoegsel:
        Beschrijving . . . . . . . . . . . . .: Kerio VPN adapter
        Fysiek adres . . . . . . . . . . . .  : xx-xx-xx-xx-xx-xx
        DHCP-ingeschakeld . . . . . . . . . . : Nee
        IP-adres . . . . . . . . . . . . . . .: 192.168.2.4
        Subnetmask . . . . . . . . . . . . . .: 255.255.255.0
        IP-adres . . . . . . . . . . . . . . .: 169.254.254.254
        Subnetmask . . . . . . . . . . . . . .: 255.255.255.0
        Standaardgateway . . . . . . . . . . .:
        DNS-servers . . . . . . . . . . . . . :
        NetBIOS over TCPIP. . . . . . . . : Uitgeschakeld


Quote:

..disables the DNS forwarding.. Could you elaborate on this? What exactly does this mean?


The DNS of your ISP still works. When DHCP for the Kerio VPN adapter is disabled, Kerio will not assign a DNS server to the Kerio VPN adapter. When DHCP is enabled, a DNS server will be given as specified by the VPN settings of Kerio Winroute Firewall.
Previous Topic: Load Balancing / Dual WAN type of function
Next Topic: Kerio rules for emule
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 19:41:45 CET 2017

Total time taken to generate the page: 0.00461 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.