Hello !!!
I've just found a tricky behavour with the Control Chanel :
[VPN JOINER] ---- router ---- (INTERNET) ---- router --- [VPN SERVER]
With Ethereal Network Analyzer on WAN side, I can watch the control procedure every 50s :
a TCP control Packet [PSH,ACK] ---- Server ==> Joiner
an ICMP ECHO request [TTL=6] ---- Joiner ==> Server
an ICMP ECHO reply ---- Server ==> Joiner
a TCP control Packet [ACK] ---- Joiner ==> Server
on some of our "joiners", the ICMP ECHO request / reply is OK (same provider).
But on some others, it seems that the TTL=6 of the ICMP ECHO request is not enough and no ICMP ECHO reply comes from server (==> TTL exceeded).
- Why does the ICMP packet have a TTL=6 value ?
- Is this ICMP reply is important and needed for the Control chanel ?
- TCP packets are forwarded to Wingate, but ICMP packets are not : when TTL=6 is OK, then the reply comes from the Server's router (if configured to answer to ICMP requests). is it a normal behavour ??
I wonder if on older versions of Wingate VPN, theses ICMP packets waren't encrypted over UDP Data Chanel to the remote VPN Server IP Address Then TTL=6 would be OK in every case.
Thanks a lot for your answer !!!
Sorry for my english !!!
Jeff