Custom query (902 matches)


Show under each result:

Results (103 - 105 of 902)

Ticket Resolution Summary Owner Reporter
#195 pending unable to complete VPN sessions geertj@… Randall Gellens <rg+ietf@…>

Oddly, I have not been able to complete VPN negotiations in the hotel network since early morning today (I was able to do so prior).

I'm not sure we can resolve this. Some background info: The hotel wifi system consists of a bunch of AP's and a "controller" box. The old controller is limited to 80 sessions max, and was literally falling over when IETF-ers started using the network.

What we did was three-fold:

  • Bring more bandwith in (the old hotel network was an ADSL line that we maxed out). The new bandwith is the orange cable
  • Get a bigger controller box that can handle more sessions
  • Clean out the new controller as much as possible, so it can handle the large number of sessions we need. Think "factory default" with minimal changes" and "minimal work for the controller".

What I suspect is happening, is that your VPN client has particular requirements on NAT-ting that are not met with the NAT the controller is now providing. I'm sure I don't need to explain about the difficulties of NAT, IPsec, and sharing IP's: it's not a pretty sight.

The wifi-controller is quite obscure and we spent many, many hours tuesday night to make it do what we need it to do: make the AP's talk, nothing else. There is not a knob to "un-break IPsec" or anything obvious.

So, this isn't a case of flipping a switch, but a case of fiddling with a box that will likely break the whole hotel network, and I'd rather not do that unless we really need to, and only when we have a better understanding of why the netscreenbox is failing, including logs on both ends, etc.

The long and short is that I'm not sure we can fix it before the IETF network dies (21 hours from now). Perhaps you can use the ietf-nh AP if your room faces the MECC, or access the network in the MECC itself?

Otherwise, pls do swing by in room 0.11 and we'll see what can be done, but realistically speaking I'm not hopeful.

I do apologise for breaking something to you but I hope you understand the improvement we made to the NH-IETF community as a whole.


Geert Jan

#63 fixed [Fwd: ipv6 in enterprises] jim@… Randy Bush <randy@…>
#388 fixed Failing BGP routes? msackett@… Ray Bellis <ray@…>

Similar to yesterday's ticket #368, I'm trying to reach a site ( on IP which works fine from my home network or my EC2 server but not from the IETF network:

% traceroute traceroute to (, 64 hops max, 52 byte packets

1 ( 1.486 ms 0.858 ms 0.828 ms 2 ( 1.955 ms 0.902 ms 0.963 ms 3 ( 1.394 ms 1.257 ms 1.503 ms 4 * *qC

Debugging with Chris Elliot shows the same problem visible from his laptop.

Note: See TracQuery for help on using queries.