Opened 12 months ago

Closed 12 months ago

Last modified 8 months ago

#1132 closed request (pending)

VPN not working on ietf-nat64

Reported by: david.somers-harris@… Owned by: jim@…
Priority: tbd Milestone: ietf-099
Component: nat64 Keywords:
Cc: Jen, Linkova, <furry13@…> My Current Location:
My MAC Address: My OS:

Description

My corporate VPN doesn’t work over ietf-nat64.
Is this expected?

I noticed that in this draft, that VPN is expected to work
https://www.ietf.org/id/draft-jjmb-v6ops-ietf-ipv6-only-incremental-00.txt

But I’m not sure whether this draft applies to the current expectations of ietf-nat64.
If not then no worries.
If so, then I would be interested in getting some help troubleshooting why it’s not working.

Thanks!

Attachments (2)

tcpdump.zip (1.8 MB) - added by david.somers-harris@… 12 months ago.
Added by email2trac
vpn-logs.zip (24.9 KB) - added by david.somers-harris@… 12 months ago.
Added by email2trac

Download all attachments as: .zip

Change history (10)

comment:1 Changed 12 months ago by llynch@…

Component: incomingnat64
Owner: changed from < default > to jim@…
Status: newassigned

Jim -

I'll add this to the nat64 wiki page but note the request for trouble shooting. Do we have a nat64 resource available?

  • Lucy

David - some info on the current nat64 data collection effort:

Thanks for trying the NAT64 network (SSID ietf-nat64) and reporting your
experience. As far as we can tell, the issue you reported is either an issue
of the NAT64 implementation’s handling of that specific traffic or the given
application vendor's implementation. We’re collecting all the issues that
come up and will pass the reports back to the nat64 equipment vendor at the
end of the week. Hopefully this will lead to better implementations and
greater functionality for the next meeting. If you’re curious about other
known issues, please see https://tickets.meeting.ietf.org/wiki/nat64

If you have additional input on this issue please update the ticket, if you
see new issues please open additional tickets.

comment:2 in reply to:  2 ; Changed 12 months ago by david.somers-harris@…

Thanks.

Just for the record, here is the VPN client I’m using,
In case it helps with vendor side troubleshooting later.

F5 BIG-IP Edge Client
Version 7111.2016.0328.1

comment:3 Changed 12 months ago by jim@…

David,

I believe you've already been given a heads up, but just in case, I wanted to update you that Jen Linkova of Google has offered to troubleshoot this with you. If you'd be so kind as to reply with the results of your work, we'd appreciate it!

Leaving this ticket open to await the troubleshooting results.

  • Jim

comment:4 Changed 12 months ago by llynch@…

Cc: Jen Linkova <furry13@…> added
Resolution: pending
Status: assignedclosed

closing pending nat64 updates -

David -

If you and Jen find a fix please update the ticket!

Thanks -

Lucy

comment:5 in reply to:  5 ; Changed 12 months ago by david.somers-harris@…

Resolution: pending
Status: closedreopened
Looks like Jen and I won’t be able to find a fix during ietf-99.
Jen says she needs somebody who understands SSL VPN to take a look at this to understand what is going on.

I have attached the client-side packet capture as well as the client and server-side logs for anybody else who is able to look at this.

tcpdump.zip

vpn-logs.zip

Changed 12 months ago by david.somers-harris@…

Attachment: tcpdump.zip added

Added by email2trac

Changed 12 months ago by david.somers-harris@…

Attachment: vpn-logs.zip added

Added by email2trac

comment:6 Changed 12 months ago by llynch@…

David and Jen -

Thanks for following up on this. We'll dig back into this after the NOC
debrief meeting on Friday - nice to have data to work with before IETF 100

  • Lucy


comment:7 Changed 12 months ago by llynch@…

Resolution: pending
Status: reopenedclosed

comment:8 Changed 8 months ago by Rick Alfvin

Milestone: ietf-99ietf-099

Milestone renamed

Note: See TracTickets for help on using tickets.