VPN Traffic issues
Oliver Hinckel
info at ollisnet.de
Mon Mar 9 07:52:17 UTC 2009
Daniel Garcia wrote on 03/09/2009 01:10 AM:
[...]
>> You might want to do a wireshark dump (or tcpdump) of the subscriber's
>> traffic. Or, run chilli in debug mode to help see what it is doing. The
>> first question is: can the subscriber surf the walled garden or does
>> *nothing* work?
> surf the walled garden? Sorry you lost me. Browsing the internet is fine
> when subscribers log in correctly. Once logged in and successfully
> browsing, if they VPN, then browsing stops working. I notice that DNS
> is working because I see the browser resolving the name URL...it appears
> to be something in the iptables is preventing it
We had same problems with surfen when VPN was activated. The problem
was, that the VPN software (doesn't remember which VPN software and type
of VPN was used) tries to contact IP address 1.1.1.1 which is the
default value for the "uamlogoutip" settings:
http://coova.org/wiki/index.php/CoovaChilli/chilli.conf(5)
So if the customer starts his VPN the software contacted the IP address
1.1.1.1 (or tries at least to contact) and chilli logged them out. The
customer wasn't able to surf the web anymore.
To solve this problem, we changed the "uamlogoutip" value to 127.0.0.1
since we don't need this configuration with logging out by contacting a
specific IP address.
HTH
- Olli
More information about the Chilli
mailing list