[OpenAFS] Vista, OpenAFS 1.5.20, Cisco VPN - AFS dead

patrick daniels patrick.daniels@duke.edu
Tue, 03 Jul 2007 14:27:51 -0400 

Lars,

In reply to:

Date: Tue, 03 Jul 2007 09:55:17 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Organization: Secure Endpoints Inc.
To: Lars Schimmer <l.schimmer@cgv.tugraz.at>
Cc: openafs-info@openafs.org
Reply-To: jaltman@secure-endpoints.com
Subject: Re: [OpenAFS] Vista, OpenAFS 1.5.20, Cisco VPN - AFS dead

This is a cryptographically signed message in MIME format.

--------------ms050303050001020709060302
Content-Type: text/plain; charset=3DISO-8859-1
Content-Transfer-Encoding: quoted-printable

Lars Schimmer wrote:
>> Hi!
>>=3D20
>> Right now I try to setup a VPN connect with the cisco VPN adapter to
>> $private_network.
>> I had to choose TCP tunnel in cisco.
>>=3D20
>> Before I activated the VPN, OpenAFS service was running and I got a =
tok=3D
>>en.
>> I started the VPN, got connected and a private subnet IP, NO access to
>> the outer net, disconnected and OpenAFS was dead afterwards. Token was
>> gone, Authentication "program" didn=3DB4t show up.
>> Service just hung...

> "hung" is such a technical term.  It tells me absolutely nothing about
> what behavior you are seeing or what the problem is.
>
> As your Cisco VPN connection didn't work, perhaps the place to start is
> figuring out why.  That might explain what happened to your network
> configuration that is preventing you from communicating with the AFS
> client service.
>
> Jeffrey Altman
> Secure Endpoints Inc.

I suspect your problem is in trying to initiate the AFS session PRIOR to=20
the VPN connection.  Or, at least it's a point to start trouble-shooting.

You might want to try killing your AFS service, starting your VPN=20
connection, then start the AFS service back up.  Generate your tokens, and=20
see if things work as expected.

Or, get your VPN service to start up prior to login, so AFS service is=20
starting up with the IP address the VPN is providing.

If AFS doesn't work starting it up after VPN connection, then I'm not sure. =

However, I've run AFS on systems with VPN client connected.  And, starting=20
service AFTER I'd connected VPN, it worked fine.

Patrick

=C2=BA=C2=B0`=C2=B0=C2=BA=E2=82=AC=C3=B8=E2=82=AC=C2=BA=C2=B0`=C2=B0=C2=BA=E2=
=82=AC=C3=B8=C3=B8=E2=82=AC=C2=BA=C2=B0`=C2=B0=C2=BA=E2=82=AC=C3=B8=E2=82=AC=
=C2=BA=C2=B0`=C2=B0=C2=BA=E2=82=AC=C3=B8=C3=B8=E2=82=AC=C2=BA=C2=B0`=C2=B0=C2=
=BA=E2=82=AC=C3=B8=E2=82=AC=C2=BA=C2=B0`=C2=B0=C2=BA=E2=82=AC=C3=B8=C3=B8=E2=
=82=AC=C2=BA=C2=B0`=C2=B0=C2=BA=E2=82=AC

Patrick S. Daniels .......... Project Manager, Desktop Resources
A&S Computing, 029 Trent Hall..... Tel:  (919)660-2401
Duke University .......................... Fax: (919)660-3187
Durham, NC  27708-00226 ...email: patrick.daniels@duke.edu