VPN box choking on expired TTL packets?

Pingman Tools Forums

See the network, Pinpoint the problem.

Graphical Network Tools

Troubleshooting: PingPlotter

You are not logged in. [Log In] Pingman Tools Home » Forums » PingPlotter » PingPlotter Support » VPN box choking on expired TTL packets?

Topic Options

#2069 - 11/24/08 01:46 PM VPN box choking on expired TTL packets?
D-Smith Registered: 11/24/08 Posts: 2	Hi, I've been using PingPlotter Pro (3.20p) for quite some time, it's been a very valuable tool. Recently I started working with a new UTM (Unified Threat Management) box that's running some flavor of Linux and mostly open source applications (http proxy, firewall, VPN, mail relay...). I don't know what the VNP module is based on but it looks like it might be choking on PingPlotter packets. When I run a PingPlotter trace through the tunnel with the remote endpoint as the target using a 15 second delay everything looks fine for about 21 hours. Then the remote end stops responding (VPN module dies?), about 15 seconds later the UTM box stops responding too. It doesn't really crash, internal processes continue to run and make log entries but no errors get logged and no ethernet interfaces will pass traffic. If I extend the ping delay to 60 seconds it takes about 55 hours before the same thing happens with a 60 second delay between the VPN failure and box lockup. Is it likely that the VPN module is choking on TTL expired packets? Has anyone ever seen this before? I haven't tested it yet but I'm betting the solution will be to ping only the target.
Top

Entire topic
Subject	Posted by	Posted
VPN box choking on expired TTL packets?	D-Smith	11/24/08 01:46 PM
Re: VPN box choking on expired TTL packets?	Pete Ness	11/25/08 02:16 PM