VPN revisited.
wlanmac
wlan at mac.com
Thu Aug 21 11:37:03 UTC 2008
What do your iptables rules look like when running chilli?
On Thu, 2008-08-21 at 12:57 +0200, Peter Warasin wrote:
> Hi Sevan, hi IanC
>
> Sevan / Venture37 wrote:
> >> Yes, its those very kernel modules and iptables rules Im currently
> >> wrestling with, to no avail.
>
> I have exactly the same problem. I narrowed down the problem to chilli,
> at least I think so.
>
> (it's a linux kernel 2.6.22, with pptp netfilter helpers loaded and gre
> and port 1723 allowed)
>
> PPTP is working well passing through the exactly same box when chilli is
> not running. It takes about 2 seconds to connect. connect, disconnect,
> reconnecting, that's all working fine, also with multiple clients and
> different servers.
>
> As soon as i snap in chilli, establishing a PPTP connection takes a very
> very long time (several minutes).
> Most of the time there is no chance to connect. Only sometimes, after a
> long handshake period PPTP connects. I think that's pure luck that it
> connects.
>
> I noticed that chilli somehow seems to send out of order duplicates
> through the tun device. At least I see (with wireshark) TCP DUP ACK's
> coming back from the server some packets after the original ACK, which
> causes the client to resend a SYN, which then confuses the protocol.
> I see then closing the connection (PSH ACK, FIN ACK, ACK, RST) and
> reconnecting (SYN, SYN ACK, ...).
>
> I am digging deeper into the source code right now in order to debug the
> problem. If someone has advices, please tell me :)
>
> kind regards,
>
> peter
>
More information about the Chilli
mailing list