> From: Edward Ned Harvey (openindiana) > [mailto:openindi...@nedharvey.com] > > I am having a really hard time coming up with a plausible explanation for > this, > other than some kind of kernel bug with openindiana...
Found a new clue, which is totally unbelievable, yet totally enlightening. The firewall is a cisco asa 5505. We have both anyconnect & ipsec vpn for mobile clients enabled. I tried them both, and got the same result for both (thinking maybe it was a problem with the vpn client.) My home firewall is a pfsense device. So today, I enabled point-to-point ipsec vpn between my home and work. Now I can sit at home with my laptop, use the laptop VPN client to connect direct to the failing OI hosts... Or I can disconnect my laptop vpn client, enable the firewall vpn, and then ssh to the failing OI machines. When I use the IPSec or Anyconnect VPN client, I have the problem. When I enable the site-to-site VPN, I don't have the problem. So I've reached two conclusions: -1- The problem is related to the Cisco ASA firewall, and mobile VPN connectivity. -2- The problem is related to OpenIndiana. (No problems connecting to other ssh/vnc systems in the office, linux, mac, or windows.) I have not yet tried using a mac/linux VPN client. Might learn something there too. I don't know why there would be a bad interaction between the OI machines and the Cisco ASA. But there is. I think I'll probably try to lay it on Cisco support next. They'll probably tell me to upgrade IOS. Even though this is a relatively current stable version ... the most stable latest bugfix version of the almost-latest line, last July. The one they recommended as "the most stable one we're recommending for now." _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
