Hi Gonzalo,

Here below is what I did with this new module for tests.. my first goal
is to see AUTHGW, IKE, etc.. loaded on the slave, with no contact to any
other server, just trying to reach or waiting for the master.. at the
stage of the test, the initial contact between the new slave and the
master has not been established system/vpn files have not been

* I run a test in the production environment

* we assume that all the concerned machines are running the latest
patches / releases unless mentioned that older modules are used

-> in this case no server is running BM38SP3_IR1. They're all NW65SP3 +

1/ to give you an overview of the WAN structure. I'm in France (Master
called here FRFW1) and I must send to Taiwan a server (called TWNET1)
which will be connected to the whole private network through a S2S VPN
circuit (already 13 sites connected this way). I already have a
way to make the link with TW through Cisco routers and NATed addresses
so we can play..

Being in France I put the server TWNET1 in my production tree, with the
correct private and public addresses (using a 4 eth port Cisco router to
fake TWNET1 and let him think that he's already in Taiwan).
Everything is configured and I guess, working normally. Time is in sync,
I check that the attributes and values are correctly set (slave 131072,
services enabled 3, etc...).. The call list of each existing server is
correctly updated and they start to try to open an IKE session with
TWNET1. Of course they cannot but it's what I want..

2/ The server is shipped to Taiwan and connected into the LAN. There
are 2 lines available, one existing with a Cisco router (I use it to NAT
the private addresses to public Australian addresses - see below) and
a new DSL line on which the public interface of TWNET1 is connected
through a basic xDSL modem/router

I set up the config of a BM server in Australia, so the requests coming
from TW for public addresses on this connection are NATed into the
private IP addresses of all the other critical servers of the WAN and
injected into the private network

-> playing with the routing tables, everything works fine. The TWNET1
server can communicate with all the others, no stuck obits, time in sync,
all partitions synchronized, etc.. iManager and NRM work OK

On the TWNET1 server there is a replica of "Security", a replica of
"Root.WARTW.TW" (where the user objects are defined), and a replica of
"Root.TWN.VPN" (the container of the server itself)

-> playing again with the routing tables, I can totally cut the TWNET1
from the rest of the private network, simply by changing the default
route to the DSL line instead of the private interface of the Cisco router

Once the server is isolated, I start "runvpn -l3". The connection to the
tree of the scmServiceObject seems to be OK quite quickly and I can
expect that vpslave, authgw, ike, etc.. will load not too late. But
after a few minutes here is what I have in the java debug screen (see

3/ I decide to open a connection to a server (USNET1) with a replica of
[Root] and to wait... no chance, -626 errors even with the connection
working fine.. seems to try to resolve USNET1 using SLP, even with
etc/hosts correctly filled in.. but only local services are available
(no DA) -> I open a connection to a server with a running DA and I put
the correct value in slp.cfg, I've all the services now visible by
TWNET1, and I wait -> no success -> I use "stopvpn" and "startvpn" again
(by the way is it normal that a stopvpn unbinds the vptunnel interface
and that startvpn doesn't bind it ?? so a reinitialize system between is
necessary ?)

this time I've a funny result:

Exception encountered ### javax.naming.AuthenticationException [Root
exception is com.novell.service.session.InvalidDomainNameException:
WARDIVnull; check root causes]will try again

-> don't know where the "WARDIVnull" comes from (WARDIV is the name of
the tree..) -> in fact I see in the java debug screen that the scm_main
context is now set to NULL

-> I think that the program is a little bit lost.. I reset the slave
server with an initial connection to the master FW1, a DA, and I come
back :)

testName vpnServiceIdentityDN :test attr: vpnServiceIdentityDN: Distinguished Name scmServiceObject.TWN.VPN
logged in as serviceDnscmServiceObject.TWN.VPN

Setting contextWARDIV

6/17/05 7:56 PM Successfully created the dirCtx
SCM: Error occured while adding objectsC2S_TWN.TWN.VPN
6/17/05 8:00 PM NDS Change Event Received
6/17/05 8:00 PM Changed object = C2S_TWN_WEIT.VPN Rules.C2S_TWN.TWN.VPN Change Type = ADDED
Search failed: javax.naming.NamingException [Root exception is com.novell.service.jncp.ServerRequesterException: ccode = 35088 (0x8910)]
Exception in thread "main" java.lang.NullPointerException
at com.novell.scm.events.TimeStampEventSource.printTSObjectTable(TimeSta
at com.novell.scm.events.SCMEventManager.initializeEventSources(SCMEvent
at com.novell.scm.events.SCMEventManager.initialize(SCMEventManager.java
at com.novell.scm.events.SCMEventManager.<init>(SCMEventManager.java:96)

at com.novell.scm.ServiceConfigurationManager.main(ServiceConfigurationM