VPN

To VPN users:
I am wondering if anyone is having some of the same issues that I am having?  I have noticed that my VPN tunnels have been dropping quite frequently.  They are quite storborn to get back up.  Once I have them backup they may run for serveral days or a hour or two.  I have been very busy and under the weather and have not spent the time in the logs that I need too.  I am running tunnels between the following hardware types:  Symantec 320, Symantec VPN100, Netgear FV318, Linksys VPN endpoint. 

The one major sticking point for me is setting up a tunnel between dynamic endpoints.  Has anyone build dynamic tunnels with this type of client?  This woild be a customer on the end of the Netgear FV318 and a handful of clients running a VPN Client?  Has anyone tested any freeware VPN clients.  I can't get the TAU client to work and I have spent 8 hours at 2 different sites trying to get it to work.  I need to find a solution to be able to provide support to these persons on a secure vpn connection.

After developying a FV318 at a customer site recently it has made look closely at the use of M0n0Wall just to a few of the advanced features the firewall has in it.  For now M0n0Wall is winning that battle. 

I have learned quite a bit from all my research, and FREENAS has a feature that we need to build in.  They are adding LCD support.  That would give use ciritical status on the display that we could use.  I hope we will add that feature into M0n0Wall soon.

Any Comments?
RC

Yes I have three sites that I have a constant tunnel going to that have dynamic IP's. I am understanding there is a netgear FVS318 firewall involved.

First question, what type of ISP do these remote sites have that are on the dynamic. If time warner your in luck. Time warner modems will only release their IP if the modem has been powered down for a few minutes. I love this about them.

I have 3 tunnels that have not went down for almost 8 months now.

I also have a netgearFVS318 firewall and it has a feature in it for dynamic DNS that works very well for IPsec tunnels using non static IP's.

Also if you like Monowall you will like pfsense, well when it comes to their VPN encryptions to choose from. AES and even AES 256. I am using that firewall in 8 different locations.

Please let me know what ISP's are involved here, this will help with testing and possible solutions.

Ok, here is the best description of what I have running that I can give you at this time. 

I have a c3 giga pro 750mhz box running my vpn M0n0Wall 1.32b not 1.34(typo).  It has 256meg of ram.  I am using a 64mb flash card for the onboard storage.  No CD or floppy (did not need anything do maintenance on.

I have the WAN interface and two option that I am not using and one of those is wireless.  I have linksys 54g that I am using to connect my 2 wireless devices two.  I was planning to put a gb adapter in the M0n0Wall but am holding off till I can stablize it some what. 

I have one remote user on AOL, 3 remote users on Embraq dsl two with dynamic addresses,  Mine and one other client have a fixed IP on Embarq DLS.  One customer is using Roadrunner with dymanic addressing.  I am seeing dis-connects/timeouts in the logs.  I will be glad to give you any additional data I can.

Here are some screen shots of a ipsec setup with time warner dynamic ip. I will look into some other things and report back to you.

I just got back in, from vacation.  i will print the screens and take a hard look at everything tomorrow.  Many thanks.
RC

Ok Let me know if you find anything