8/8/12 07:57 pm
So.. after more than a week of harvering on about how an external user can't connect via the VPN to one particular system, in spite of there being no evidence of them trying to connect at all, no real tools offered to me to attempt to solve the problem leaving me to rely on just your say-so, showing you there are no user ACLs on that system, no internal firewalls, TCP wrappers spread to the widest of internal allowables you spend the time to write up a detailed date-by-date care bear-level complaint/report of who did what and when and then send that to me and the management.
What a shame that today was also the day that I'd gotten just a bit too whacked off with your endless mithering, and what looked like a fairly obvious attempt by you to enveigle the situation and had taken my laptop in with me, connected it to the net via my IP dongle (making it truely an "outside connection"), had gone in via the SAME VPN and discovered that sure enough you can't connect to that particular system but... you can't connect to any other system in the same damn subnet! Are you sure there's a route through to 192.168.3.x?
While I don't always do it I do try and stick to the words of one Sherlock Holmes: "When you have eliminated all other candidates, then the last remaining candidate must be the culprit, no matter how implausible".
And this is so true in this case. The network dr00g had followed the protocol of diagnosing the problem exactly as it had been reported with no attempt to "think outside the box", diagnose the process chain meaning that there could only be one culprit, which was the system. The culprit had already been determined, it was just a case of proving the guilt. However he had missed the slight detail that there were more possible candidates in the chain and he had just ignored them. He had put blind faith in his setup "to work" so the culprit "must be the system". However, when you can show that every other system in the same subnet is also uncontactable then the finger of blame suddenly turns back on ....the VPN! Quelle surprise!
In a way I am majorly pissed off about this as the guy has been calling my judgement and diagnosis into question for over a week, wasting my time debugging his problem when a very simple thought train of "Can I connect to anywhere else from here? Does this problem show up elsewhere?" would have shown him that the problem was a little closer to his own doorstep than he wanted to admit.
So I just punched that problem right out of the ring.
I'm the first to admit that I'm not really the "grand master" of any particular trade more than a rather commited dabbler in a few. However when you get to the point where you can't even follow the basic 101 techniques of diagnosing problems in your own field and just try and palm them off as MY problem, don't be surprised if I suddenly get uber-L337 geek-god on you and shove the proof that the fault is most likely yours firmly up your hiney!
You don't get to do this sh!t for more than 30 years without learning at least a few basics.