Project Notes

SOHO VPN Router Project Notes
Wednesday, February 28, 2007
Kevin Palmer

This document contains miscellaneous project notes.


Hot Plug vs. Init Scripts

QoS and Dynamic DNS are initiated by a hotplug event. IPSec VPN tunnels are initiated by the S60ipsec init script. If the router is turned on before being connected to the Internet, the S60ipsec script will fail. The problem is that the hotplug scripts will execute when the router finally gets an IP address. If Dynamic DNS executes 10 minutes before the IPSec VPN tunnels are created, the peers will not be able to create a tunnel back to the device with the delayed VPN startup. A scheduled restart of S60ipsec was implemented as a work around for this issue.

QoS on the VPN Router

Right now QoS is running on the VPN router and QoS router. Limited testing shows no advantage from running QoS on the VPN router. It might be better to not install QoS on the VPN router. Leaving QoS off the VPN router will give more memory and CPU resources to the VPN.

SOHO VPN Troubleshooting

MTU – Set the MTU when used with a DSL modem.

nvram set wan_mtu=1422
http://www.dslreports.com/tweaks/MTU
ping –l 1500 192.168.nnn.129
If the ping does not work, start with 1472 and lower by 10 … (follow the process described in the DSLReports link.)

Restart IPSec

/etc/init.d/S60ipsec --restart

Verify 0x2e DSCP is set in IPTables

iptables --list -t nat -v

View List of IPSec tunnels

ipsec eroute

View the current date and time.

The date must be correct before IPSec will start.

date