Felix Tsang wrote:
Can anyone please give me a pointer as to why I am having big problems with using a Safenet VPN client (connecting to) -> Netscreen VPN/FW appliance via Jetstart / UBS / Jetstream? This is happening on multiple disassociated / unrelated networks.
I am using mostly Dynalink RTA300 DSL Modems, and Netscreen 5XT / GT boxes. I believe it is something to do with the NZ DSL network as this type of VPN setup has worked well for over 1/2 years until it started to become more and more unreliable. Can anyone help or suggest a solution?
I've recently been doing some research trying to isolate a problem with a client's multiple Linux-based IPSec VPNs running through consumer-grade ADSL routers. (I would guess that your Safenet/Netscreen devices are using some form of IPSec VPN.)
My findings were unusual: the more recent the model of ADSL router used, the more unreliable the VPNs became when under load. For me, this was only the case when running multiple VPNs. Older model ADSL routers performed admirably (the Nokia M1122 was fantastic) while later model ADSL routers ranged from some models reliably crashing after 30 seconds of load to other models seeming ok on the bench but performing very badly in the field. Some brands actually got worse with more recent firmware upgrades or chipsets.
Some googling revealed that there may be problems routing ESP traffic for multiple IPSec VPNs through cheaper, less well engineered ADSL routers. I am guessing that modern consumer-grade ADSL routers fall into the "less well engineered than they used to be" category. It's just barely possible that this also applies to the hardware used in the exchanges and ISPs. Just a guess.
For what it's worth, we are moving away from IPSec to OpenVPN. Unfortunately, once you've bought into a hardware VPN solution, it becomes somewhat harder to make that sort of change...