Firewall Wizards mailing list archives

FireWall-1 SecuRemote hoses client stack?


From: Neil Ratzlaff <Neil.Ratzlaff () ucop edu>
Date: Sat, 15 Nov 1997 09:49:26 -0800

This is a long story, but I want to indicate that I have tried all the
obvious (to me, I hope there is something I missed that is obvious to
someone else) things and their results.

I am trying to make SecuRemote work.  I have 3.0b DES of FW-1 (Sparc20,
Solaris 2.5.1) and SR (Win-95); using the Windows GUI for Policy and
LogViewer.  When GUI and SR are installed on client, but no site is
selected yet in SR, telnet, ftp, and http all work to any address.

I select the site, get keys, etc.  Everything still works.  I then telnet
to the encrypted domain, fill in FW user/password, and complete login.  It
shows properly in the log.  I can still telnet and ftp anywhere, but I can
NOT use web browser, nor can I use LogViewer or Policy.

FW Windows95 GUI freezes on "Connecting to server", or if I power the
client off and back on, it passes on to "Loading objects" before it
freezes.  In either case, I can't quit the application without rebooting
the Windows95 machine.  Snoop on the interface shows that the client is
sending out ICMP packets 3,2 (Bad Protocol) to a wide variety of domains,
beginning with various numbers including 154, 156, 55, 65, 67, 19, 16, 152,
23, 145, 91, 12, 33, 36 and more.  These packets continue to be sent out
for a while even after I quit all applications on Windows95.  No pattern I
can see, and the domains are not the same each time.  This happens when I
try to use the Windows FW GUI OR when I try to use a web browser.  On the
firewall console, I get this message each time I successfully get
authenticated:  "fwd: Format 'cryptlog_crypt' not found".  What does this
mean?

After ICMP problems start, I cannot telnet most places, either.  Sometimes
I can telnet and ftp if I skip DNS and use IP addresses.  I can KILL the SR
daemon and/or delete the site in either order, without effect.  At least I
can uninstall SR and reboot (leaving the machine powered off for several
minutes) to return things to normal, but it seems to take an hour or two
after reboot before things work.  Even uninstalling both the GUI client and
SecuRemote does not clear the problem, nor does reinstalling either one of
them separately.

It appears to me that one use of the encryption poisons the TCP stack
somehow since everything works, with all FW software active, until I enter
an encrypted session.  Does anyone have any suggestions, or better yet,
solutions?  I am grasping at any straw I haven't tried yet, and I will even
repeat a few.

It might be possible that a dll (for encryption?) is activated at this
point, and it stays active even when it shouldn't be.  Does anyone know
what dlls are installed or used by SecuRemote, or where I can find this
information?

Neil
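
An added example, not part of the original post: ICMP type 3, code 2 is "protocol unreachable", and per RFC 792 such a message quotes the IP header plus the first 8 bytes of the datagram that triggered it. Decoding that quoted header from a capture shows which IP protocol number the reporting host rejected and who sent the original datagram. The sample packet, its addresses and protocol number 253 are constructed, and checksums are left at zero and not verified.

```python
import socket
import struct

IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def parse_ipv4_header(buf):
    """Return (fields, header_len) for the IPv4 header at the start of buf."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(IP_HDR, buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a valid IPv4 header")
    fields = {"proto": proto, "src": socket.inet_ntoa(src),
              "dst": socket.inet_ntoa(dst)}
    return fields, ihl

def decode_protocol_unreachable(packet):
    """Decode ICMP type 3 code 2; return None for any other packet."""
    outer, ihl = parse_ipv4_header(packet)
    icmp = packet[ihl:]
    if outer["proto"] != 1 or len(icmp) < 8 or (icmp[0], icmp[1]) != (3, 2):
        return None
    # After the 8-byte ICMP header comes the quoted original IP header.
    inner, _ = parse_ipv4_header(icmp[8:])
    return {"reporter": outer["src"], "notified": outer["dst"],
            "rejected_proto": inner["proto"],
            "orig_src": inner["src"], "orig_dst": inner["dst"]}

def build_ipv4(proto, src, dst, payload):
    """Build a constructed test packet (checksum left at 0, not verified)."""
    return struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: 198.51.100.7 sends IP protocol 253 to 192.0.2.10,
# which answers with ICMP 3,2 quoting the header plus 8 payload bytes.
ORIGINAL = build_ipv4(253, "198.51.100.7", "192.0.2.10", b"\x00" * 8)
ICMP_MSG = struct.pack("!BBHI", 3, 2, 0, 0) + ORIGINAL[:28]
SAMPLE = build_ipv4(1, "192.0.2.10", "198.51.100.7", ICMP_MSG)

if __name__ == "__main__":
    print(decode_protocol_unreachable(SAMPLE))
```

If the quoted protocol number or addresses differ from one message to the next, the datagrams being rejected differ too, which is worth comparing against what the peer actually put on the wire.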


