DSL connection stays down

  • I have a DSL connection with a site-to-site VPN. If someone is at the location and using the Internet, the VPN stays up and you can access the pf box. If there is no other traffic, the DSL connection goes down and stays down. I did not have this problem with 1.2.2. Is there a way to keep the connection active?

    Using 1.2.3 on 2.66 Intel on MSI with SiS NICs, 1024MB RAM, 40 GB HD, Qwest ADSL

  • that is weird.  is the dsl PPPoE?  if so, make sure that 'dial on demand' is not set for the WAN interface.

  • that's all pf supports. qwest will do a or e. dial on demand is enabled.

    qwest prefers a but i am using pf so i am using e. has worked with 1.2.2. didn't start until upgrade to 1.2.3, i thought it was hardware so i replaced all the nics, still the problem stays

  • i'm sorry, i can't even tell what you are saying :(

  • pppoe = e
    pppoa = a

    sorry for the confusion

  • Like I asked, did you disable dial on demand?

  • sorry, didn't see that. no, but i will and will let you know.
    how would that affect it? isn't dial on demand supposed to be enabled if you want the Internet "always on"?

  • no, you have it backwards.  "on demand" means "only bring it up if there is traffic".

  • so essentially the vpn does not create the traffic that would keep the connection up?
    I will make sure it's disabled and get back to you when i have made the change, won't be able to do it for a day or two though.

  • well, maybe.  do you have the vpn setup to send keepalive packets?  if not, try that.  then again, you could just disable the option :)

  • vpn is set up to do the keep alive.
    I will try to disable it and see what happens.

  • I disabled it and still have a problem. turns out snort is what's causing the problem: it is blocking the wan ip of the local box, so that nothing can go out the wan connection unless i unblock it from snort… will try using an fqdn (since my ips are dynamic) to see if it fixes the problem

  • glad you figured that out.  i'm not surprised, i gave up on snort a couple of years ago after similar false positive fiascos :(

  • it is too bad, do you know if the whitelist works with fqdns?
    I have left the dial on demand disabled in case it was part of the problem.

  • Not sure if you are talking to me.  If so, I have no idea, since I have been burned twice with snort.

  • i was, since you were the only one helping me. It's burned you twice huh, doesn't sound too good.
    I still think this is related to my upgrade as it didn't do this on 1.2.2, I will ask it on the snort board.

    Thanks for your help, at least the connectivity issue is solved. if i can't use snort i'm not going to worry as it isn't critical to me.

