VPN connection log entry


  • #51982
    Tim Hallbauer
    Participant

      Hi Guys and Gals,

      I have a connection that goes out through our firewall via VPN. We are having issues with connectivity. On our side my network guys tell me they see packets going out and the vendor swears they are listening. The connection is never established and we remain in ‘opening’.

      Can anyone shed any light on what this log entry means, especially the reference to ‘Operation already in progress’? It just repeats throughout the log file.

      [pdl :PDL :DBUG/0:   CER_TS_ADT:09/10/2010 08:24:24] tcp-client: attempting connect to: 1xx.1x.xx.253:9195

      [pdl :PDL :INFO/0:   CER_TS_ADT:09/10/2010 08:24:24] tcp-client: connect error (Operation already in progress)

      [pdl :PDL :DBUG/1:   CER_TS_ADT:09/10/2010 08:24:24] PDL setting timeout in 0.10 seconds

      Any insight is appreciated since I seem to have hit an impasse.

      Tim

      • #72581
        James Cobane
        Participant

          Is there any NAT’ing occurring within either of the firewalls that might be causing the issue? You might try to run a traceroute to the IP and see where it might be hanging up.

          Jim Cobane

          Henry Ford Health

        • #72582
          Tim Hallbauer
          Participant

            James,

            Thanks. Four hops and I was there. I think either their config has something weird / missing, or they aren’t actually listening and think they are. BUT as is usually the case with vendors, it’s up to us to prove it’s on their side.

            Tim

          • #72583
            James Cobane
            Participant

              Yes; we are always ‘guilty’ until proven ‘innocent’….

              🙂

            • #72584
              Chris Blair
              Participant

                You’ve proven that you can get to the machine via TCP/IP. If you can’t “telnet {machine ip} {listening port number}”, then their service is not available for connection. If the vendor can “telnet localhost {listening port number}” then their service is up and running but you’re being blocked as an outside host. If that’s the case, my money says it’s a software firewall on their system that is not configured to allow outside connections on that listening port.
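
Added example, not part of any poster's reply and not Cloverleaf code: a Python probe that makes the same distinction as the telnet test above and shows where the "Operation already in progress" text (errno EALREADY) in the original log comes from. It assumes a POSIX host and a client that retries a non-blocking connect on the same socket; `classify`, `probe` and the 192.0.2.10 address are constructed for illustration.

```python
import errno
import select
import socket

def classify(err):
    """Map a POSIX connect() errno to what it says about the far end."""
    if err in (0, errno.EISCONN):
        return "open"          # SYN-ACK received: a service is listening
    if err == errno.ECONNREFUSED:
        return "refused"       # RST received: host reachable, port closed
    if err in (errno.EINPROGRESS, errno.EALREADY):
        return "pending"       # SYN sent, no SYN-ACK or RST has come back yet
    if err in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"   # routing or ICMP says the host cannot be reached
    if err == errno.ETIMEDOUT:
        return "timed-out"     # kernel gave up retransmitting the SYN
    return "error:" + errno.errorcode.get(err, str(err))

def probe(host, port, wait=3.0):
    """Non-blocking connect, then one retry on the same socket after `wait` seconds."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setblocking(False)
    try:
        err = s.connect_ex((host, port))
        if err != errno.EINPROGRESS:
            return classify(err)
        _, writable, _ = select.select([], [s], [], wait)
        if writable:
            # Handshake finished one way or the other; SO_ERROR holds the result.
            return classify(s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR))
        # Still unanswered: calling connect() again returns EALREADY,
        # whose message text is "Operation already in progress".
        return classify(s.connect_ex((host, port)))
    finally:
        s.close()

if __name__ == "__main__":
    # 192.0.2.10 is a constructed documentation address; 9195 is the port in the log.
    print(probe("192.0.2.10", 9195))
```

Repeated `pending` results that never turn into `refused` mean that neither a SYN-ACK nor an RST is coming back to the client, which points at filtering on the path or on the far host rather than a stopped service on a reachable machine.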

              • #72585
                Vince Angulo
                Participant

                  I’m having this problem too with a new VPN-connected interface BUT it seems to be intermittent.  The interface runs ‘up’ fat, dumb and happy for hours on end then the connection goes ‘opening’ with this error.  Times are not consistent and wondering if there was any additional information anyone might have.  The vendor I’m working with is Proficient Health.  Thanks!!

                • #72586
                  Ed Mastascusa
                  Participant

                    Hi Vince,

                    Check and see if your OS TCP “keepalive” setting is longer than the firewall’s “session timeout” (or the shortest session timeout if there are firewalls on both ends). If the firewall times out the session, that could collapse the tunnel in such a way that one side still thinks they are connected.

                    If the other side sees an “up” connection that is a symptom. If the problem only happens when things aren’t particularly busy that’s another.

                    If you have someone cooperating on the other end, you might be able to test with hcitcptest on another port. Start hcitcptest and let it sit with no data, then see if the connection breaks after a consistent interval. Then compare it to your keepalive setting, and if it’s less than that, the firewall is probably killing the connection before the keepalive happens.
