Opened 8 years ago

Closed 8 years ago

#195 closed request (pending)

unable to complete VPN sessions

Reported by: Randall Gellens <rg+ietf@…> Owned by: geertj@…
Priority: tbd Milestone: IETF Week
Component: guest_room Keywords:
Cc: My Current Location:
My MAC Address: My OS:

Description (last modified by geertj@…)

Oddly, I have not been able to complete VPN negotiations in the hotel network since early morning today (I was able to do so prior).

I'm not sure we can resolve this. Some background info:
The hotel wifi system consists of a bunch of AP's and a "controller" box. The old controller is limited to 80 sessions max, and was literally falling over when IETF-ers started using the network.

What we did was three-fold:

  • Bring more bandwith in (the old hotel network was an ADSL line that we maxed out). The new bandwith is the orange cable
  • Get a bigger controller box that can handle more sessions
  • Clean out the new controller as much as possible, so it can handle the large number of sessions we need. Think "factory default" with minimal changes" and "minimal work for the controller".

What I suspect is happening, is that your VPN client has particular requirements on NAT-ting that are not met with the NAT the controller is now providing. I'm sure I don't need to explain about the difficulties of NAT, IPsec, and sharing IP's: it's not a pretty sight.

The wifi-controller is quite obscure and we spent many, many hours tuesday night to make it do what we need it to do: make the AP's talk, nothing else. There is not a knob to "un-break IPsec" or anything obvious.

So, this isn't a case of flipping a switch, but a case of fiddling with a box that will likely break the whole hotel network, and I'd rather not do that unless we really need to, and only when we have a better understanding of why the netscreenbox is failing, including logs on both ends, etc.

The long and short is that I'm not sure we can fix it before the IETF network dies (21 hours from now). Perhaps you can use the ietf-nh AP if your room faces the MECC, or access the network in the MECC itself?

Otherwise, pls do swing by in room 0.11 and we'll see what can be done, but realistically speaking I'm not hopeful.

I do apologise for breaking something to you but I hope you understand the improvement we made to the NH-IETF community as a whole.

Cheers,

Geert Jan

Change history (3)

comment:1 Changed 8 years ago by Randall Gellens

id: 195

This message has 0 attachment(s)

comment:2 Changed 8 years ago by llynch@…

Component: incomingguest_room
Description: modified (diff)
Owner: changed from llynch@… to geertj@…
Status: newassigned
Type: request
  • hotel help desk

comment:3 Changed 8 years ago by geertj@…

Description: modified (diff)
Resolution: pending
Status: assignedclosed
Note: See TracTickets for help on using tickets.