The Daily Static

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (n/t) by Havoc 2006-01-24 07:43:29
  *sob* by Havoc 2006-01-24 07:44:12
    Would telling the story help or hurt? by jayfarm 2006-01-24 07:49:19
      story by Havoc 2006-01-24 08:34:28
Boss & I have been working on a VPN issue for 2 weeks, got it working (flawlessly) on a cheap Linksys firewall we bought for $80. Then instead of getting an attaboy, I get reamed for not making it work on our $7000 firewall. We had just spent 2 weeks working on that without any luck. I asked why the cheap dedicated firewall VPN solution wasn't good enough. He pointed out that all of the problems we had figured out in attempting to get the cheap one working had turned out to be problems in my purview (i.e. my fault), so he assumed that the reason the main firewall wouldn't work with the VPN was also my fault.

I suggested that I go home and let him deal with it. Then things got nasty.

Long story short, he calmed down and talked me offa the ledge, we decided to work on the big firewall today, and if no solution was found, go back to the cheap one that worked.

Turns out that when we configured the VPN on the big firewall we needed to specify both the local IP for IKE and the remote MAC. It still would not connect. We traced the packets using tcpdump on several systems, from the server to the router to the firewall to the switch on the other side - which never saw the packets. Firewall route?

Turned out that we had added the remote network ranges to another network group that routed out the same switch, but to a router on the other side. Since the VPN networks are not reached that way, but via the VPN, all attempts to get to those networks failed.

I removed those 2 nets from the network group in question and then we saw the packets on the other side.

Still no VPN connection and no data.

I had to leave and work on plotter issues, he stayed to work on it.

I got back 20 min later and both VPNs had connected and he had multiple servers ping-flooding the remote workstations with 0 loss. *sigh*

What had he done? Nothing. NOTHING. It self-healed? It Just Started Working.

After we corrected the route, he said it took about 5 min to begin working.

Cooler now. Glad I didn't quit.


Why would that annoy me that much? 'Cause he does it all the time. He either gets stubborn and his way is the only way even tho it stands no chance of success, or he blames me. He jumps to conclusions and doesn't think things through, then it's my fault when his idea fails.

I'm a contractor. It's my job to be at fault. But I don't like it sometimes.
        Nice "logic" by Concept 2006-01-24 09:33:26
        It's OK. The fact that things worked for him by Peace_man 2006-01-24 09:41:11

 
