VPN woes: telnet OK, ftp put OK, ftp get hangs

Hello All:

My Nortel VPN connection from my home PC (Redhat 9.0) to to my employer
has stopped working OK after I messed with the networking settings, and
I don't know what I changed anymore - OK, that was stupid. But to make
it clear: It was working fine in all respects until a little while
ago.

Symptoms now:
- Connection gets established OK
- telnet to my work machine works OK
- ftp to my work machine connects OK, put works but get or even just
dir hangs forever
- I can connect to my VNC server at work, but it hangs after creating
the window at home, never paints any window contents
- the system log shows the VPN getting started and stopped with no
warnings or errors
- the VPN log shows no problems

I have scoured /etc for files that have changed or look wrong, and
found nothing.
I don't have any iptables rules because I have a firewalled DSL modem.
Since the VPN connection gets established OK, I suspect some
authorization or permission problem on my PC - does that make sense?

Where should I look?
I was told to reinstall the Redhat networking - how do I do that
without reinstalling everything?

Thanks for any pointers.

LinuxOnly wrote:
> Hello All:
>
> My Nortel VPN connection from my home PC (Redhat 9.0) to to my employer
> has stopped working OK after I messed with the networking settings, and
> I don't know what I changed anymore - OK, that was stupid. But to make
> it clear: It was working fine in all respects until a little while
> ago.
>
> Symptoms now:
> - Connection gets established OK
> - telnet to my work machine works OK
> - ftp to my work machine connects OK, put works but get or even just
> dir hangs forever
> - I can connect to my VNC server at work, but it hangs after creating
> the window at home, never paints any window contents
> - the system log shows the VPN getting started and stopped with no
> warnings or errors
> - the VPN log shows no problems
>
> I have scoured /etc for files that have changed or look wrong, and
> found nothing.
> I don't have any iptables rules because I have a firewalled DSL modem.
> Since the VPN connection gets established OK, I suspect some
> authorization or permission problem on my PC - does that make sense?
>
> Where should I look?
> I was told to reinstall the Redhat networking - how do I do that
> without reinstalling everything?
>
> Thanks for any pointers.
>

I know it's not much help, but I suspect it's a problem with your
MTU - Maximum Transmittion Unit - the max packet size under IP. I
suspect that whenever your work sends you a full-sized packet, it
is being lost or not handled properly your end, although smaller
packets get through OK.

I have no idea where you might look to fix this though.

Steve

Ifconfig says eth0 has MTU:1500, lo has MTU:16436 - is either of them
bad?

Thanks for thinking about it.

GSt

OK, after reading "man ifconfig" I tried MTU settings 1400 and 1200,
with no change in behavior.
But I think you have a point. I tried ftp to an anonymous ftp server
at work, and I get "dir" listings of small directories, but not of
'pub' which presumably has more entries.

BTW, when the VPN is active, ifconfig shows a new interface nlv0 with
MTU:1438.

Any other suggestions?

GSt

On 2005-04-23, LinuxOnly <(E-Mail Removed)> wrote:
> BTW, when the VPN is active, ifconfig shows a new interface nlv0 with
> MTU:1438.

And the _end_ point of the VPN, the 'other side', what MTU has?
Davide

--
I will never trust someone called GATES that sells WINDOWS.
-- Federico Román

Right. I tried to check that last night, but my workstation at the
other end runs HP-UX, and its ifconfig does not report the MTU. Would
it even matter, since the VPN software runs on some other corporate
gateway server to which I don't have telnet access? I assume the
gateway that does the encryption reassembles all packets.

So how do I find the size of incoming packets? I guess I can't measure
those that don't make it into my machine.

Thanks for thinking about it.

LinuxOnly wrote:

> Ifconfig says eth0 has MTU:1500, lo has MTU:16436 - is either of them
> bad?
>

No. The MTU is used to specify the largest packets size. Different layer 2
protocols support different sizes.

LinuxOnly wrote:

> OK, after reading "man ifconfig" I tried MTU settings 1400 and 1200,
> with no change in behavior.
> But I think you have a point.**I*tried*ftp*to*an*anonymous*ftp*server
> at work, and I get "dir" listings of small directories, but not of
> 'pub' which presumably has more entries.
>

If you watch your network connection, with an analyzer, such as ethereal,
you'll see more, smaller packets. MTU size is normally transparent to the
user.

> BTW, when the VPN is active, ifconfig shows a new interface nlv0 with
> MTU:1438.

When using a VPN, the data must fit in an encapsulation packet, which in
turn must fit within the MTU. So the difference reflects the encapsulation
header.