VPN Traffic issues

Oliver Hinckel info at ollisnet.de
Mon Mar 9 07:52:17 UTC 2009


Daniel Garcia wrote on 03/09/2009 01:10 AM:
[...]
>> You might want to do a wireshark dump (or tcpdump) of the subscriber's
>> traffic. Or, run chilli in debug mode to help see what it is doing. The
>> first question is: can the subscriber surf the walled garden or does
>> *nothing* work?
> surf the walled garden? Sorry you lost me. Browsing the internet is fine
> when subscribers log in correctly. Once logged in and successfully
> browsing, if they VPN, then browsing stops working. I notice that DNS
> is working because I see the browser resolving the name URL...it appears
 > to be something in the iptables is preventing it

We had same problems with surfen when VPN was activated. The problem 
was, that the VPN software (doesn't remember which VPN software and type 
of VPN was used) tries to contact IP address 1.1.1.1 which is the 
default value for the "uamlogoutip" settings:

   http://coova.org/wiki/index.php/CoovaChilli/chilli.conf(5)

So if the customer starts his VPN the software contacted the IP address 
1.1.1.1 (or tries at least to contact) and chilli logged them out. The 
customer wasn't able to surf the web anymore.

To solve this problem, we changed the "uamlogoutip" value to 127.0.0.1 
since we don't need this configuration with logging out by contacting a 
specific IP address.

HTH

- Olli



More information about the Chilli mailing list