From owner-freebsd-net@FreeBSD.ORG  Thu Jul  7 19:40:05 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0E0E1106564A
	for <freebsd-net@freebsd.org>; Thu,  7 Jul 2011 19:40:05 +0000 (UTC)
	(envelope-from cswiger@mac.com)
Received: from asmtpout028.mac.com (asmtpout028.mac.com [17.148.16.103])
	by mx1.freebsd.org (Postfix) with ESMTP id DFF828FC0C
	for <freebsd-net@freebsd.org>; Thu,  7 Jul 2011 19:40:04 +0000 (UTC)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; CHARSET=US-ASCII
Received: from cswiger1.apple.com ([17.209.4.71])
	by asmtp028.mac.com (Oracle Communications Messaging Exchange Server
	7u4-20.01 64bit (built Nov 21 2010)) with ESMTPSA id
	<0LNZ007ATAM7RI20@asmtp028.mac.com>
	for freebsd-net@freebsd.org; Thu, 07 Jul 2011 12:39:43 -0700 (PDT)
X-Proofpoint-Virus-Version: vendor=fsecure
	engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
	definitions=2011-07-07_08:2011-07-07, 2011-07-07,
	1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0
	ipscore=0 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0
	classifier=spam
	adjust=0 reason=mlx engine=6.0.2-1012030000 definitions=main-1107070160
From: Chuck Swiger <cswiger@mac.com>
In-reply-to: <4E159C5A.5090702@visi.com>
Date: Thu, 07 Jul 2011 12:39:42 -0700
Message-id: <13D65A4C-F874-4970-A070-AA0392416680@mac.com>
References: <4E159C5A.5090702@visi.com>
To: Paul Keusemann <pkeusem@visi.com>
X-Mailer: Apple Mail (2.1084)
Cc: freebsd-net@freebsd.org
Subject: Re: Debugging dropped shell connections over a VPN
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 19:40:05 -0000

On Jul 7, 2011, at 4:45 AM, Paul Keusemann wrote:
> My setup is something like this:
> - My local network is a mix of AIX, HP-UX, Linux, FreeBSD and Solaris machines running various OS versions.
> - My gateway / firewall  machine is running FreeBSD-8.1-RELEASE-p1 with ipfw, nat and racoon for the firewall and VPN.
> 
> The problem is that rlogin, ssh and telnet connections over the VPN get dropped after some period of inactivity.

You're probably getting NAT timeouts against the VPN connection if it is left idle.  racoon ought to have a config setting called natt_keepalive which sends periodic keepalives-- see whether that's disabled.

Regards,
-- 
-Chuck