> ------------------------------
>
> Message: 10
> Date: Wed, 26 Dec 2007 18:10:07 +0100
> From: Gerben Wierda <email@hidden>
> Subject: Re: A VPN problem I do not understand
snip
>
>>
Snip
>>>> Lastly, have you read the Land Crab book to develop a
>>>> understanding of IP and TCP networking? There's also
>>>> "Troubleshooting Virtual Private Networks" by Mark Lewis which has
>>>> a very nice chapter on Troubleshooting IPSec VPNs. Without a good
>>>> understanding of the fundamentals troubleshooting VPNs is almost
>>>> impossible.
>>>
>>> I get the feeling that this is the case. Apple's documentation is
>>> in any case not good enough for me.
>>>
>>>> That said, PPTP is much easier to set up and get working through
>>>> foreign networks. While certainly not as secure as IPSec or L2TP
>>>> it does function more often through difficult networks (as do ssh
>>>> and ssl tunnels.) Is there a reason you need L2TP? Are you sure
>>>> it's even possible given your networks?
>>>
>>> On my local subnet for my experiment it should be possible.
>>
>> Yes, but in order to do so on a local subnet it's much more complicated
>> than trying to get it to work on two discrete networks.
>>
>>> I do not even get that working.
>>
>> Not unexpected.
>>
>>> Maybe I should stick to PPTP. I would like to know however why this
>>> does not work.
>>
>> The reasons could be legion, and the troubleshooting complex; but in
>> any case you haven't provided enough information and this type of
>> issue is hardly conducive for troubleshooting over email on a list.
>> However we could suffice to say that if you're trying to do this
>> inside a single subnet then it's just woolly thinking from the
>> beginning and leave it as that as your problem.
>
> Friendly. In the spirit of the season and all that.
>
> Let's just say I am not a VPN expert nor a networking guru. That is
> why I go to the list if the documentation does not help me out.

I applaud your search for the "smoking bit" - it's a desire I often have to
suppress in myself in order to get the net operational. As was stated before
- somebody beat me to it - this is a many sided problem, and not susceptible
to a linear dialog as a useful troubleshooting method, especially when a
prerequisite is you digesting the documentation already noted so as to
understand your side of the conversation - this is not mean, it's teaching
you how to fish, but waiting for you to learn how to bait the hook before
repeatedly throwing out the line. And stopping now, and going on to a
working PPTP connection is not giving up, but a strategic move to get
something done while you get your skills up to speed.

A useful item in the long term search for a working L2TP would be a
Wireshark trace of the process - and the ability to take a trace of a
working connection, and compare it with a trace of a non-working connection
is also a prerequisite to effective troubleshooting on the wire. If you put
together a working PPTP - be sure to take traces of the process so you can
learn what it all actually looks like on the wire. It will be especially
useful if it doesn't work at first - and you get traces of both good and bad
connections to look at. I strongly suggest you take the trace with a third
machine hubbed or port-monitored to the other two.

www.wireshark.org

Hope this helps -

Best regards,
John Gonder
Las Positas College Cisco Networking Academy
Computer Networking Technologies
email@hidden
925.424.1000
Web Home: http://lpc1.clpccd.cc.ca.us/lpc/jgonder
Online Calendar: http://ical.mac.com/jgonder/GonderLPC
-----------------------
PGP Key ID 0x6D8FECAE
Fingerprint - D0E3 5E3B 5992 58E0 F2B8 4375 7251 26A5 6D8F ECAE
-----------------------
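
An added example, not part of the message above or of any code posted to the list: one way to compare a working and a failing trace is to reduce each capture to the VPN stages it contains and report what the failing one lacks. It assumes captures saved in classic pcap format (not pcapng) from Ethernet with IPv4 traffic; the function names and the two sample captures are constructed for illustration.

```python
import struct
# Well-known UDP/TCP ports and IP protocol numbers used by the VPN types in this thread.
STAGES = {("udp", 500): "IKE", ("udp", 4500): "IPsec NAT-T", ("udp", 1701): "L2TP",
          ("tcp", 1723): "PPTP control", ("ip", 50): "ESP", ("ip", 47): "GRE"}

def classify(frame):
    """Map one Ethernet/IPv4 frame to a VPN stage name, or None if unrelated."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                   # short frame or not IPv4
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    if ("ip", proto) in STAGES:
        return STAGES[("ip", proto)]
    name = {6: "tcp", 17: "udp"}.get(proto)
    if name is None or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return STAGES.get((name, dport)) or STAGES.get((name, sport))

def stages_in_pcap(data):
    """Ordered list of distinct VPN stages seen in a classic pcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    off, seen = 24, []
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        stage = classify(data[off + 16:off + 16 + incl])
        if stage and stage not in seen:
            seen.append(stage)
        off += 16 + incl
    return seen

def missing_stages(good, bad):
    """Stages present in the working trace but absent from the failing one."""
    seen_bad = stages_in_pcap(bad)
    return [s for s in stages_in_pcap(good) if s not in seen_bad]

# Constructed sample data (not from the thread): captures built from (ip_proto, sport, dport).
def make_pcap(packets):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto, sport, dport in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
        frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
GOOD, BAD = make_pcap([(17, 500, 500), (50, 0, 0)]), make_pcap([(17, 500, 500)])  # IKE+ESP vs. IKE only
```

With L2TP over IPsec the L2TP packets travel inside ESP, so UDP 1701 normally does not show up on the wire once IPsec is established; a failing trace that stops after IKE points at the IPsec negotiation rather than at L2TP.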