- NG Firewall firmware versions 4.2.x,5.0.x, 5.2.x
- netfence firmware versions 4.2.x
Remote management tunnels continuously break and do not rebuild themselves. After re-start of the "mvpn" service, the tunnels build up again for a short while only.
The recent McAfee® IntruShield® Network IPS Appliance (Engine Version 4400) recognises a specific pattern in the remote management packets passing through the tunnel. According to the IPS Documentation published by McAfee, the packets are associated with the "P2P: SoftEther Alive" pattern match and are blocked.
The blocking of remote management packets is due to incorrect packet handling in the IntruShield Manager Software (version prior 22.214.171.124.6). According to ISP policy P2P SoftEther packets ought to cause a warning only and ought not to be blocked.
The issue has been solved by McAfee in the meanwhile. The problem no longer occurs with IntruShield Manager (version 126.96.36.199.6).