inetcfg and C2S vpn

Nw6.0 and BMsp1
I am trying to set up a client-to-site IKE-based VPN on a server that had a 
legacy VPN setup. The problem is, after setting up the VPN server and 
service in iManager, nothing loads. No vpmaster, Authgw or IKE.

I suspect that the reason revolves around the fact that the legacy tunnel 
still shows up in inetcfg. I can see no other reason why it won't load. The 
legacy config has been removed with vpncfg, and it shows that there are no 
VPN servers configured, yet the tunnel still shows up in inetcfg.

Is there a way to remove this entry in inetcfg without causing downtime 
or major server issues?

Novell has provided TID 10014469, which has you recreate the whole inetcfg
configuration. I would like to avoid this if possible, due to the downtime 
factor involved.

Has anyone else dealt with an issue similar to this?
Any help would be definitely appreciated.


0
bwf6053
7/8/2004 2:02:54 PM
novell.bordermanager.install

In article <iucHc.4981$iX1.3148@prv-forum2.provo.novell.com>,  wrote:
> I suspect that the reason revolves around the fact that the legacy tunnel 
> still shows up in inetcfg. I can see no other reason why it won't load. The 
> legacy config has been removed with vpncfg, and it shows that there are no 
> VPN servers configured, yet the tunnel still shows up in inetcfg.

Once you put the info into iManager, it SHOULD show up in INETCFG.

Try a DSREPAIR, and be sure there is a replica on the server.

Try STOPVPN and then STARTVPN. Wait a bit after startvpn for something to 
happen.  Do a JAVA -SHOW, and verify that an scm service is running.
> 
> Is there a way to remove this entry in inetcfg without causing downtime 
> or major server issues?

You do not want to try to do that.

When you startvpn, an nlm is loaded that causes a java app to run.  The java 
app looks at the NDS config and is supposed to launch the necessary VPN 
modules, as well as moving/creating/updating certain files.  If there is an 
NDS issue, you may see that nothing (VPMASTER, IKE) autoloads.  You cannot 
successfully manually load them.

I am debugging similar issues on slave VPN servers with a couple of clients.  
It smells like a tree-walking issue.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***

0
Craig
7/8/2004 5:09:37 PM
> In article <iucHc.4981$iX1.3148@prv-forum2.provo.novell.com>,  wrote:
> > I suspect that the reason revolves around the fact that the legacy tunnel 
> > still shows up in inetcfg. I can see no other reason why it won't load. The 
> > legacy config has been removed with vpncfg, and it shows that there are no 
> > VPN servers configured, yet the tunnel still shows up in inetcfg.
> 
> Once you put the info into iManager, it SHOULD show up in INETCFG.
> 
> Try a DSREPAIR, and be sure there is a replica on the server.
> 
> Try STOPVPN and then STARTVPN. Wait a bit after startvpn for something to 
> happen.  Do a JAVA -SHOW, and verify that an scm service is running.
> > 
> > Is there a way to remove this entry in inetcfg without causing downtime 
> > or major server issues?
> 
> You do not want to try to do that.
> 
> When you startvpn, an nlm is loaded that causes a java app to run.  The java 
> app looks at the NDS config and is supposed to launch the necessary VPN 
> modules, as well as moving/creating/updating certain files.  If there is an 
> NDS issue, you may see that nothing (VPMASTER, IKE) autoloads.  You cannot 
> successfully manually load them.
> 
> I am debugging similar issues on slave VPN servers with a couple of clients.  
> It smells like a tree-walking issue.
> 
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on 
> BorderManager, go to http://www.craigjconsulting.com ***
> 
Do I have to get the old legacy VPtunnel removed? Or can I just launch 
Startvpn and it "should" do the rest? Is it possible to have more than 1 
VPtunnel entry in Inetcfg? If it is, I might not need to remove the 
legacy tunnel as we won't be using it, and the IP address of the new IKE 
based tunnel won't conflict.

I need to find a way to get this running, but Novell Support wants me to 
whack inetcfg and start over. I really want to avoid that, if at all 
possible. 
0
bwf6053
7/9/2004 7:35:59 PM
In article <zsCHc.6577$iX1.1581@prv-forum2.provo.novell.com>,  wrote:
> Do I have to get the old legacy VPtunnel removed? Or can I just launch 
> Startvpn and it "should" do the rest? Is it possible to have more than 1 
> VPtunnel entry in Inetcfg? If it is, I might not need to remove the 
> legacy tunnel as we won't be using it, and the IP address of the new IKE 
> based tunnel won't conflict.
> 
There is only one VPN tunnel.  You cannot have more than one.  Using VPNCFG 
on top of IKE-based VPN allows SKIP-based VPN to also function, but there 
is still only one VPN tunnel.

> I need to find a way to get this running, but Novell Support wants me to 
> whack inetcfg and start over. I really want to avoid that, if at all 
> possible.

Actually, it is really pretty simple to rebuild INETCFG entries.   Just 
screenshot everything, and make a backup of all the files in the sys:etc 
directory.


Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***

0
Craig
7/10/2004 6:23:58 PM