Pavel Lisà wrote:
> Jez Rogers wrote on Fri 28. 10. 2005 at 19:17 +0100:
>
>>Weird problem using UDP with mode server on 2.0.2
>>
>>Most of the time it works fine. Occasionally the client connection sees
>>incoming packets from the server on the same port number that the client
>>is trying to initiate a connection on. Needless to say the client
>>firewall takes exception to this.
>>
>>Eventually it all falls over with
>>
>>TLS Error: TLS key negotiation failed to occur within 60 seconds (check
>>your network connectivity) and restarts.
>>
>>This behaviour persists even after both ends are stopped and started.
>>It affects all clients.
>>
>>Seems to be that once it's got its knickers in a twist that's it. When
>>it's working, you can shut the client down and start it and the
>>tunnelled TCP connections don't even notice.
>>
>>Switching to tcp-server and tcp-client always seems to work - but I
>>really want to use UDP.
>>
>>Anyone have any ideas why this might be happening?
>>
>
> I had the same problem for a long time, but I didn't find a solution. If you
> are successful, please send your solution here.
>
> Thanks
>
> Pavel
>
I had this problem when I tried to access my VPN server from a very slow
link in my university. As I used 2048 bit keys, and the link was too
slow to complete the TLS handshake in 60 seconds, I had to increase the
TLS handshake window with the parameter:

    hand-window 300

Where 300 is in seconds. This means that any peer has 5 minutes to
complete the handshake. I believe that this problem can happen too with
other connectivity problems, such as MTU, etc. Try increasing the hand-window
and see what happens. If it doesn't work, check your connection for any
MTU problems (try to transfer a big file, and see if there is any
fragmentation, or lost packets).
--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
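As an added illustration (not part of the original thread), the Python sketch below sorts the handshakes in a server log into completed, slow and timed-out. Slow completions are the case a larger hand-window helps; timeouts that persist point to a connectivity problem such as MTU. The log line layout, the sample lines and the function name classify_handshakes are constructed assumptions; only the timeout message text comes from the thread.

```python
import re
from datetime import datetime

# Constructed sample lines; the layout (timestamp, peer address, message) is assumed.
SAMPLE_LOG = """\
Fri Oct 28 19:17:01 2005 192.0.2.10:40001 TLS: Initial packet from 192.0.2.10:40001, sid=0a1b2c3d 4e5f6071
Fri Oct 28 19:17:49 2005 192.0.2.10:40001 [client-a] Peer Connection Initiated with 192.0.2.10:40001
Fri Oct 28 19:20:00 2005 198.51.100.7:40002 TLS: Initial packet from 198.51.100.7:40002, sid=1111aaaa 2222bbbb
Fri Oct 28 19:21:00 2005 198.51.100.7:40002 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Oct 28 19:21:00 2005 198.51.100.7:40002 TLS Error: TLS handshake failed
Fri Oct 28 19:25:10 2005 203.0.113.5:40003 TLS: Initial packet from 203.0.113.5:40003, sid=3333cccc 4444dddd
Fri Oct 28 19:25:13 2005 203.0.113.5:40003 [client-b] Peer Connection Initiated with 203.0.113.5:40003
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (\S+:\d+) (.*)$")
TIMEOUT_MSG = "TLS key negotiation failed to occur within"

def classify_handshakes(log_text, hand_window=60, near=0.75):
    """Return {peer: (status, seconds)} with status 'ok', 'slow' or 'timeout'.

    'slow' means the handshake finished but used at least `near` of the
    configured hand-window, so the peer is at risk of timing out.
    """
    started, results = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that do not carry a peer address
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        peer, msg = m.group(2), m.group(3)
        if msg.startswith("TLS: Initial packet from"):
            started[peer] = ts  # handshake clock starts here
        elif peer in started and TIMEOUT_MSG in msg:
            results[peer] = ("timeout", (ts - started.pop(peer)).total_seconds())
        elif peer in started and "Peer Connection Initiated" in msg:
            secs = (ts - started.pop(peer)).total_seconds()
            results[peer] = ("slow" if secs >= near * hand_window else "ok", secs)
    return results

if __name__ == "__main__":
    for peer, (status, secs) in classify_handshakes(SAMPLE_LOG).items():
        print(f"{peer:22} {status:8} {secs:5.0f}s")
```

Pass the hand-window value actually configured on the server as `hand_window` so the slow threshold matches it.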