[ILUG] eircom and vpn frustration

Brendan Kehoe brendan at zen.org
Sun Feb 8 15:52:09 GMT 2009 

I'm still struggling to get a VPN to be up and happy ... the openvpn 
config on both ends is fine.  But depending on the DSL modem I use, 
it'll work or it won't.

If I try to use the Linksys WAG54GS router, the VPN works 
wonderfully...but the DSL connection keeps dropping.

If I put back the Netopia 2247 from Eircom, the DSL stays up fine.  But 
the VPN won't work---mostly.  I've got UDP port 1194 forwarded from the 
Netopia to my ubuntu host at 192.168.1.2.  When I start up OpenVPN, in a 
moment the other end of the VPN connects (Peer Connection Initiated with 
a.b.c.d, and then Initialization Sequence Completed).  But I can't ping 
it.  (Where at this same point with the Linksys with 1194 udp port 
forwarding in the same way, I can.)

However, there's an interesting effect: if I modify the services/port 
forwarding on the Netopia, like enable/disable 1194 *TCP*, there's a 
moment during the router making that change that it lets a packet go 
through!  My ping to the other end of the vpn, which is usually saying 
"Request timed out", actually shows a successful ping at 52ms or so, 
which is the right speed and everything.  And then goes back to "Request 
timed out".  This suggests to me that the eircom box has some sort of 
rules in place to block the traffic or in some other way mess with the 
port forwarding.  Such a setting is getting disabled or changed during 
the Disable/Enable choice for the other service, then it stops.  (I've 
definitely got both ends of the openvpn configured for udp, and know it 
works as such with the linksys in place.)

I'm trying to dig around netopia's site, and other forums, but so far no 
hints on why it might want to work but only a little.  I've got a 
second, newer version of the Netopia 2247 (sent my Eircom to replace our 
own dead one, but it took them nearly two MONTHS to actually have it 
show up). That behaves exactly the same way as the older/current one.

Another option is to get a Netgear modem and try that, but time's gone 
for today to try to get one/use it.

Have any of you found any particular tricks to get the Netopia modem to 
be more willing to help?

Thanks for any suggestions,
B

More information about the ILUG mailing list