There are more problems with BM 3.8 Site to Site than BM 3.6 & 3.7 combined
and multiplied by 100. First, you darn well have better have support pack
4 on it to start with for Site to Site services to work.3.8.4 is in beta so
be careful. Second, be sure to have your server's addressed added and at
the site before you set up the VPN. If change the address of the server,
then you darn better well repair the network addresses. The VPN server
will forget that it is a VPN server and look elsewhere for a partition.
Third, you had better put your VPN box on a UPS with remote access so that
you can reboot the server when the IKE keys get out of sequence. Try this.
Reboot your Slave server once or twice and you will get the error "no
certificate found for signing." Fourth, better setup a DNS server and
forget about SLP for locating resources becuase this is a "No No. Fifth,
time management on 3.8 and NW 6.5 makes it hard to have a central time
server becuase of SLP. Setup a time server behind the Master server.
Sixth, do not use the "STOPVPN" & "STARTPVN" commands on the slave unless
you want to kill the VPN and possibly reset the server or servers.
Seven, do not call Novell and tell them that they have a problem 3.8 S to S
servies becuase they will tell you that it is all in your mind.

Bugs. Try this.

1. Change the private address of the VPN server. Restart the server.
Prior to SP4, your VPN servers will not even come up. Why? The addresses
in eDirectory get changed and the VPN is depented on eDirectory. It shoud
get updated during the limber process but does not get updated.
2. Let the links go down in the middle of the day and try to resync IKE
without rebooting the server. You might get lucky using iManage to sync the
server but odds are against you. NEVEL TELL YOU BOSS THAT YOU WILL HAVE
3. Reboot your 3.8 slave server and 3.7 server and see which tunnel comes
up first. Try this about 3 different times right after each other. I have
a speed bike and cruiser. They both ride well, but from 0 to 60, the speed
bikes always wins by a long shot.
4. Search Novell's web site for support on the S to S VPN issues. Not
there. Why? No fixes yet. They are reprogramming 3.8 via 3.8.4.
5. Don't put your butt on the line is the bottom line. You can still use
SKIP with 3.8 but you will not get a full mesh, but at least your butt will
not be toast when the line does not come back up in an hour.
6. An expert at Novell told me to go backt to 3.7. Ok I would, but there
is no support for 3.7. Novell has cut it own throat with 3.8. Too many
Indians and not enough chiefs in their India development center.
7. If you want to be a martyr, then you will need to contact Craig Johnson
at Craig Johnson consulting. He knows about all the bugs but would love to
chage you an arm and leg to fix them.
8. 3.8.4 beta is a rewrite. Do not be fooled. Back to the drawing board.
I hope that they get it write after they had 2 great products they
discontined such as 3.6 & 3.7. Imagine getting married to Elizabeth Hurley
and then dumping her at the alter. You need to have your head examined.
9. Anger management. You will need lots of anger managment therapy if you
install 3.8. and use site to site services. "I feel pretty, Oh so pretty!"
I guess that the SLAVES get wise and want equal rights because they refuse
to talk to the MASTER. They will not even talk to each other at times. I
guess that is when you have a riot on hand becuase the entire network
becomes chaos.
10. You buy a BMW not because it is a BMW but because of the reputation of
the BMW. 3.8 is a VolksWagon not a BMW. Try this. Onen up Inetcfg on the
Slave server. Pull the plug. Most of the time the server will not come
backup with the VPN services.
11. Product awards for 3.8 I guess that they did not show the viewers the
issues with the VPN site to site services.
12. All development is going to Linux. You are hosed if you do not listen
up. Two years to fix BM and I am not sure if they fixed it. Maybe they
should dump 3.8. Rewrite it, and then sell it as 3.9

Anyway, I think that about covers it. I feel much better. It will be
sometime before I can sit down because my butt has been chewed out from all
the VP's about the performace of BM 3.8

Hardware - New Dell's.