Firewall Wizards mailing list archives
FireWall-1 SecuRemote hoses client stack?
From: Neil Ratzlaff <Neil.Ratzlaff () ucop edu>
Date: Sat, 15 Nov 1997 09:49:26 -0800
This is a long story, but I want to indicate that I have tried all the obvious (to me, I hope there is something I missed that is obvious to someone else) things and their results. I am trying to make SecuRemote work. I have 3.0b DES of FW-1 (Sparc20, Solaris2.5.1) and SR (Win-95); using the Windows GUI for Policy and LogViewer.

When GUI and SR are installed on client, but no site is selected yet in SR, telnet, ftp, and http all work to any address. I select the site, get keys, etc. Everything still works. I then telnet to the encrypted domain, fill in FW user/password, and complete login. It shows properly in the log. I can still telnet and ftp anywhere, but I can NOT use web browser, nor can I use LogViewer or Policy. FW Windows95 GUI freezes on "Connecting to server", or if I power the client off and back on, it passes on to "Loading objects" before it freezes. In either case, I can't quit the application without rebooting the Windows95 machine.

Snoop on the interface shows that the client is sending out ICMP packets 3,2 (Bad Protocol) to a wide variety of domains, beginning with various numbers including 154, 156, 55, 65, 67, 19, 16, 152, 23, 145, 91, 12, 33, 36 and more. These packets continue to be sent out for a while even after I quit all applications on Windows95. No pattern I can see, and the domains are not the same each time. This happens when I try to use the Windows FW GUI OR when I try to use a web browser.

On the firewall console, I get this message each time I successfully get authenticated: "fwd: Format 'cryptlog_crypt' not found". What does this mean?

After ICMP problems start, I can not telnet most places, either. Sometimes I can telnet and ftp if I skip DNS and use IP addresses. I can KILL the SR daemon and/or delete the site in either order, without effect. At least I can uninstall SR and reboot (leaving the machine powered off for several minutes) to return things to normal, but it seems to take an hour or two after reboot before things work. Even uninstalling both the GUI client and SecuRemote does not clear the problem, nor does reinstalling either one of them separately.

It appears to me that one use of the encryption poisons the TCP stack somehow since everything works, with all FW software active, until I enter an encrypted session. Does anyone have any suggestions, or better yet, solutions? I am grasping at any straw I haven't tried yet, and I will even repeat a few. It might be possible that a dll (for encryption?) is activated at this point, and it stays active even when it shouldn't be. Does anyone know what dlls are installed or used by SecuRemote, or where I can find this information?

Neil