0

I have a client running on a VPN behind a NAT. The client becomes inaccessible after a while if it is not "active". The VPN software is PPTP and the OS of the client is Debian.

I'm unsure about the exact cause of what makes it inaccessible, or whether another piece of software is causing the problem. What I am currently trying to figure out is whether the NAT is healing and causing the client VPN to become inaccessible. Could this be causing the problem or should I look elsewhere?

Scoop

2 Answers

4

What exactly is NAT "healing"?

What you're likely running into is a firewall timeout issue. The firewall is probably killing sessions in its state table that have been idle for a long period of time in order to make room in the state table for other connections and to release any resources being consumed by the idle session.

http://en.wikipedia.org/wiki/Stateful_firewall

joeqwerty
  • Yes, this is likely the cause. See if you can get the VPN software to periodically send keep-alive messages in order to prevent the NAT from timing out the session. – qqx Dec 01 '12 at 22:52
  • 2
    The keepalive settings are inside "/etc/ppp/options" or "/etc/ppp/ppp.conf" (I don't remember which). The values are named "lcp-echo-interval" and "lcp-echo-failure". I think they are just commented out on most Linux distributions. – Gregory MOUSSAT Dec 01 '12 at 23:33
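
One way to check the keepalive settings named in the comments above against a firewall or NAT idle timeout, as an added example that is not part of the original thread. The function names `ppp_opt` and `check_keepalive`, the 300-second idle timeout and the sample options file are assumptions constructed for illustration; only the two pppd option names come from the page.

```shell
#!/bin/sh
# Added example: audit a pppd options file for LCP echo keepalives.

# ppp_opt FILE NAME: print the last active (uncommented) numeric value of NAME.
ppp_opt() {
    awk -v name="$2" '
        { sub(/#.*/, "") }    # strip comments so commented-out options do not count
        $1 == name && $2 ~ /^[0-9]+$/ { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# check_keepalive FILE IDLE_SECONDS: compare the echo interval with the idle
# timeout of the stateful device on the path (IDLE_SECONDS is an assumption
# you supply; the page does not give one).
check_keepalive() {
    interval=$(ppp_opt "$1" lcp-echo-interval)
    failure=$(ppp_opt "$1" lcp-echo-failure)
    if [ -z "$interval" ] || [ "$interval" -eq 0 ]; then
        echo "no-keepalive"; return 1
    fi
    if [ "$interval" -ge "$2" ]; then
        echo "interval-too-long"; return 1
    fi
    if [ -z "$failure" ] || [ "$failure" -eq 0 ]; then
        echo "ok no-dead-peer-detection"; return 0
    fi
    echo "ok dead-peer-after=$((interval * failure))s"
}

# Constructed sample: both options present but commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
noauth
#lcp-echo-interval 30
#lcp-echo-failure 4
EOF
check_keepalive "$sample" 300 || true     # prints: no-keepalive

# Same file with the options enabled.
sed 's/^#lcp/lcp/' "$sample" > "$sample.on"
check_keepalive "$sample.on" 300          # prints: ok dead-peer-after=120s
rm -f "$sample" "$sample.on"
```

Point `check_keepalive` at whichever options file your PPTP connection actually loads, and pass the idle timeout of the firewall or NAT device in seconds.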
0

VPN tunnels often shut down on inactivity. Cisco routers have a VPN tunnel keepalive function. Basically, you ping through the tunnel to test for connectivity and with Cisco products, the VPN client and router renegotiate the connection so the tunnel stays alive.

Sounds like you need to implement some similar tactic to keep low background traffic on the tunnel.

Fiasco Labs