|
IBM is thinking it is a network config issue between the IBM I, VIOS and switch port.
I had customer give me access to another IBM I system and there was no problem, so the issue in not VPN related.
From: Patrik Schindler<mailto:poc@xxxxxxxxxx>
Sent: Friday, May 29, 2020 1:29 PM
To: Midrange Systems Technical Discussion<mailto:midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: ACS 5250 VPN Issues
Hello Steve,
Am 29.05.2020 um 18:20 schrieb Steve Pavlichek <spavlichek@xxxxxxxxxxx>:
To make this even more interesting, some commands work and some don’t. NETSTAT *IFC works, WRKACTJOB does not. GO LICPGM works but WRKLICINF does not.
Same results using ACS and putty.
I’m running as QSECOFR, so it should not be an authority issue.
This sounds like a MTU issue. "Big" packets with lots of data in them getting lost in transfer, because some link in between cannot cope with the "usual" maximal size of 1500 Bytes.
If for any reason, the VPN software prohibits fragmentation, routers left and right of the smaller-mtu-link will send an ICMP answer. When there's a misconfigured firewall in between blocking ICMP "for more security", you'll get the behaviour you observe.
How to test this (with Linux):
ping -s 1400 -M do ibmi-IP
Increase 1400 Bytes until there's no more answer from the IBM i box. The last functioning packet size is the biggest one working over the link in question.
:wq! PoC
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.