VPN Issues With New Airport Extreme 802.11n

An anonymous reader writes "The new Airport Extremes are shipping and some users are reporting problems with certain types of VPN connectivity. There is a work-around posted in Apple's support forums, but the solution is less than ideal. These issues were not experienced in Apple's earlier Airport Extreme, and users are calling for Apple to fix the issue. Some have even taken their unit back to Apple until a fix is created."

RFC 3948 and NAT Traversal

[calmdude]

Nortel Contivity client has long sucked, and most people use older versions that don't support UDP encapsulation and NAT Traversal. Getting TCP IPsec to work is an issue not just with the Airport, but with many firewalls. Try connecting a Nortel Contivity client from behind a PIX/ASA/IOS CBAC, or Netscreen for that matter (with default settings). Stateful filtering and NAT will break the VPN.

Re:This is news why?

[bunco]

I succesfully ran Contivity through a PIX for years. Having recently moved to DD-WRT, Contivity works for _most apps_. Unfortunately, interactive data services like SSH seem to be very fragile now. I know it's due to packet loss though I cannot figure out why iptables isn't forwarding the packets. I've watched the counters for the connection and it's in no danger of timing out.

I will agree that Contivity is a finicky pile of poop. Cisco and Checkpoint's clients are far better.

Re:How is this news?

[avalys]

It's not a problem with all VPNs, just a specific brand of VPN client (Nortel Contivity), that is known to be flaky on gear from a number of manufacturers, not just Apple.