Release Notes for VPN Client, Release 4.0 through Release 4.0.5.D
OL-5450-10
Open Caveats
or
– Use Gemplus version 3.0.30 that no longer installs the gemgina.dll.
• CSCdv46591
When a CPP Firewall policy is in place that drops all inbound and outbound
traffic and no WINS address is sent to the VPN Client from the 3000 series
Concentrator, Start Before Logon fails. If a WINS address is in place, Start
Before Logon works fine. Also, if a WINS address is sent and the CPP rule
drops all inbound traffic, but allows all outbound traffic, Start Before Logon
works fine.
• CSCdv46937
Using the Aladdin “R2” model etoken, certain functions can be performed
using the certificate even after the R2 token has been detached from the
system (USB port). The VPN Client, for instance, can perform an IKE rekey
without the token attached to the system. The reason for this is the design of
the “R2” etoken: it does not contain the RSA key functions needed and must
upload the private key to the system for these functions.
In contrast, the Aladdin “PRO” etoken must be connected to the USB port
during an IKE rekey, otherwise the VPN Client connection terminates. This
is Aladdin’s problem; it is not a VPN Client problem.
• CSCdv55730
Using the Solaris VPN Client, some applications are unable to operate
properly. A possible indicator of the problem is that a large ping is unable to
pass through the VPN Tunnel.
No problem exists when passing large packets using cTcp or normal IPSec.
When using IPSec over UDP, Path MTU Discovery problems exist, as a result
of which large packets cannot be transmitted.
An MTU issue currently exists with the Solaris VPN Client that causes
fragmentation errors that might affect applications passing traffic through the
VPN Tunnel.
To identify whether the VPN Client is properly fragmenting packets, use the
following commands:
ping -n <known good ping target address>
ping -n -s <known good ping target address> 2500