On Mon, 2002-08-26 at 14:36, Mikes work account wrote:
> ** Two other consultants are getting in just fine, as long as they are not
> the first to login during the day. The first person to attempt to login
> gets assigned the *.*.*.201 address and is denied access to the Linux server
> programs.
>
OK. So the problem is with one address: x.x.x.201. I am assuming you
have a pool of dynamic addresses assigned to the VPN hosts. Is the .201
address out of a supernetted/CIDR network ip range and therefore
unroutable?
Perhaps another host on the network claimed the .201 address by accident
(or was accidentally statically assigned)? Can you ping the .201 address
from another VPN host?
Are the packets from the .201 VPN host reaching the Linux server? Setup
a box to connect from the outside world as a vpn client (or use a
consultant as a guinea pig) with the .201 address. Try to ping any other
connected VPN hosts. Attempt a connection to the Linux server and run
tcpdump on the appropriate interface.
$ tcpdump -i ethx host x.x.x.201
-- Matt Miller Systems Administrator MP TotalCare gpg public key id: 08BC7B06
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:04:36 EDT