IPX Capability Gone from Site-Site VPN - June 20, 2002
There is a bug in INETLIB.NLM in the NW51SP4.EXE and NW6SP1.EXE patches. This bug causes IPX to be removed from a Site-Site VPN configuration. I have seen this on my servers, and one of my clients also had the same problem. I will update this tip with more information as I find out more details.
June 20, 2002 - Novell Patch Fixes Bug
See Tip #1 for the latest patches. If you are running NW51SP4 or NW6SP1 servers, get the VPTFIX.EXE patch from Novell.
April 18, 2002 - Test Files From Novell Available
Novell has confirmed a bug, and has replacement files in test which should fix the issue. Until Novell releases an official patch, they have allowed me to post the test files here. These files should work in NW6SP1 and NW51SP4 environments.
- Back up your existing INETLIB.NLM and TCPCFG.NLM files in SYS:SYSTEM on your VPN server(s).
- Copy the new files into SYS:SYSTEM. These files should be dated 4/18/2002.
- Reboot the server.
- In NWADMN32, go back into the master Site-Site server control options and check the IPX box. (You may need to uncheck, save, wait for synchronization, then go back in and check the IPX box again).
- You should see that IPX is again added to the Site-Site VPN link.
You can download the test file HERE. Keep an eye on tip #1 at this web site for news of an official patch. The file I have available here also includes a TCPCFG.NLM file which should fix some other problems.
April 8, 2002: The Temporary Workaround
A workaround is not difficult, BUT it is not permanent - your IPX settings will disappear again if you Synchronize All, or UNLOAD VPTUNNEL and Reinitialize System, or if you reboot the server, or if you use my latest BMOFF/BMON NCF files, etc!
The easiest workaround, until a true patch is released, is to keep a good backup copy of NETINFO.CFG that you can copy into SYS:ETC\, and then reinitialize system.
Situation: Site-Site VPN set up between BorderManager 3.6 master server and various 3.x slave servers. IPX capability working fine for months or years. Then IPX is suddenly gone from the Site-Site VPN.
Symptoms:
- IPX servers on far side of Site-Site VPN no longer visible with DISPLAY SERVERS command
- LOAD CALLMGR, <insert>, <enter> no longer shows an option for IPX in the Active Protocols screen
- IPX is no longer checked in the NWADMN32, BorderManager Setup, VPN, Master Site-Site, <master server>, Control Options menu.
- There is no IPX binding for the VPTUNNEL interface in INETCFG, Bindings
Fix:
- Check the IPX option again in the VPN Control Options settings for the Master Site-Site VPN server.
- If you have a current backup of the SYS:ETC\NETINFO.CFG file, it would be best to restore that file and Reinitialize System. Otherwise, edit the NETINFO.CFG file as described below.
- If you do not have a backup of the SYS:ETC\NETINFO.CFG file, edit it as follows to add back the missing IPX binding information for VPTUNNEL on the master VPN server.
#!BEGINBIND STATUS=ENABLED
BIND IPX VPTUNNEL
#
#!END
On my server, I had applied the BM36C01A patch only to the Master server. I inserted the missing lines directly after the last IPX bind statement for my interfaces. A larger section of the NETINFO.CFG file looks like this:
#LOAD ipxflt
#
#!BEGINBIND STATUS=ENABLED
BIND IPX PRIVATE_E82 net=8022 seq=1
#8022
#!END
#!BEGINBIND STATUS=ENABLED
BIND IPX VPTUNNEL
#
#!END
#!END
The # line after the BIND IPX VPTUNNEL entry is significant for the Master Site-Site VPN server. On a slave VPN server, that line will not be present, and you should instead have:
#!BEGINBIND STATUS=ENABLED
BIND IPX VPTUNNEL
#!END
#!END
If you leave out the # line on the master VPN server, INETCFG, Bindings will show #!END as the IPX network number in the VPTUNNEL binding.
REINITIALIZE SYSTEM, and IPX should come back on the Site-Site VPN.
Immediately make a backup copy of a working NETINFO.CFG file and save it!
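A check for the binding described above, as an added example that is not part of the original tip: run against a copy of SYS:ETC\NETINFO.CFG, it reports whether the BIND IPX VPTUNNEL block is present, enabled, and in the master or slave form. The function name, the status strings and the sample text are assumptions, with the samples constructed from the excerpts on this page.

```python
# Added example: verify the IPX binding for VPTUNNEL in a copy of NETINFO.CFG.
# Sample text is constructed from the excerpts shown on this page.
MASTER_OK = """#LOAD ipxflt
#
#!BEGINBIND STATUS=ENABLED
BIND IPX PRIVATE_E82 net=8022 seq=1
#8022
#!END
#!BEGINBIND STATUS=ENABLED
BIND IPX VPTUNNEL
#
#!END
#!END
"""
# The same file after the VPTUNNEL binding has been removed (constructed).
MASTER_STRIPPED = MASTER_OK.replace(
    "#!BEGINBIND STATUS=ENABLED\nBIND IPX VPTUNNEL\n#\n#!END\n", "")
# Slave form: no bare "#" line after the BIND statement.
SLAVE_OK = MASTER_OK.replace("BIND IPX VPTUNNEL\n#\n", "BIND IPX VPTUNNEL\n")


def check_vptunnel_ipx_bind(netinfo_text, role):
    """Return 'ok', 'missing', 'not-enabled', 'needs-comment-line' or
    'extra-comment-line' (hypothetical status names) for a master or slave."""
    if role not in ("master", "slave"):
        raise ValueError("role must be 'master' or 'slave'")
    lines = [ln.strip() for ln in netinfo_text.splitlines()]
    for i, line in enumerate(lines):
        # A commented-out "#BIND ..." line does not match and is skipped.
        if line.upper().split()[:3] != ["BIND", "IPX", "VPTUNNEL"]:
            continue
        prev = lines[i - 1] if i > 0 else ""
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if prev.upper() != "#!BEGINBIND STATUS=ENABLED":
            return "not-enabled"
        has_comment = nxt == "#"  # the line the master needs, the slave lacks
        if role == "master":
            return "ok" if has_comment else "needs-comment-line"
        return "extra-comment-line" if has_comment else "ok"
    return "missing"


if __name__ == "__main__":
    for name, text, role in [("master ok", MASTER_OK, "master"),
                             ("master stripped", MASTER_STRIPPED, "master"),
                             ("slave ok", SLAVE_OK, "slave")]:
        print(name, "->", check_vptunnel_ipx_bind(text, role))
```

Running it after a Synchronize All, a reboot or a Reinitialize System shows whether the workaround has been undone and the backup copy needs restoring.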