Hi there,

This may be more of a question for the users list, but I think this is more of a bug than a config issue.

I have several tunnels that work just fine, but sometimes, when I change the default route of the box, it has problems re-initializing some of the tunnels (not all of the tunnels to all hosts).

When I look at the packets, it's sending the IKE packets from a source port of 9 (this changes, not sure why) rather than source port of 500.

When the IKE daemon on the other end receives the packet, it ignores it and doesn't process it (even though the packet arrives [it's not a firewall issue restricting on source 500 to dest 500]).

Any thoughts on this?

If I restart IKE the problem doesn't stop; it re-occurs, and uses source port 9 again (as I mentioned, it's not always 9, sometimes it's port 1, or 3..).
Perhaps 9 is the number of tunnels it has loaded at the time it fails? Because some of the tunnels are OK, and send from port 500, but others use port 9 (or 1, 3, etc...).

So I don't believe it's a config issue, because a reboot of the box fixes the problem, and it starts to send from port 500, as it did before the routes were mixed with.

Openswan is compiled statically in the kernel, so I can't unload/reload the modules to see if that fixes the problem; my guess is it would. However, the platform I have to administrate here enforces static kernels...

Example packet is below (it's tcpdump -s1515 -nv -X) with the data cut off; note the source port 100.10.x.y.9...

09:00:30.499168 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto: UDP (17), length: 204) 100.10.x.y.9 > 100.20.x.y.500: isakmp 1.0 msgid : phase 1 I ident:
    (sa: doi=ipsec situation=identity
        (p: #0 protoid=isakmp transform=4
            (t: #0 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=hash value=md5)(type=auth value=rsa sig)(type=group desc value=0005))
            (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=hash value=sha1)(type=auth value=rsa sig)(type=group desc value=0005))
            (t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=hash value=sha1)(type=auth value=rsa sig)(type=group desc value=modp1024))
            (t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=hash value=md5)(type=auth value=rsa sig)(type=group desc value=modp1024))))
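
One way to triage a capture like the one above, as an added example that is not part of the original post: it scans `tcpdump -n` text for ISAKMP packets sent to port 500 or 4500 from any other source port and groups the odd ports by peer, which shows which tunnels are affected. It assumes the capture is taken on the sending gateway before any NAT; the function name, sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

IKE_PORTS = {500, 4500}  # IKE and IKE NAT-T
# "src.sport > dst.dport: payload" as printed by tcpdump -n
FLOW = re.compile(r"(\S+)\.(\d+) > (\S+)\.(\d+): (.*)")

# Constructed sample lines (documentation address ranges), not taken from the post.
SAMPLE = """\
09:00:30.499168 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto: UDP (17), length: 204) 192.0.2.10.9 > 198.51.100.20.500: isakmp 1.0 msgid : phase 1 I ident:
    (sa: doi=ipsec situation=identity
09:00:31.100200 IP 192.0.2.10.500 > 198.51.100.30.500: isakmp: phase 1 I ident
09:00:31.150300 IP 198.51.100.30.500 > 192.0.2.10.500: isakmp: phase 1 R ident
09:00:40.499200 IP 192.0.2.10.3 > 198.51.100.20.500: isakmp: phase 1 I ident
09:00:41.000100 IP 192.0.2.10.4500 > 198.51.100.40.4500: NONESP-encap: isakmp: phase 2/others I inf[E]
09:00:42.730000 IP 192.0.2.10.1 > 198.51.100.50.500: isakmp: phase 1 I ident
"""

def odd_ike_sources(capture: str) -> dict:
    """Map each peer to the sorted non-IKE source ports seen in ISAKMP packets sent to it."""
    bad = defaultdict(set)
    for line in capture.splitlines():
        m = FLOW.search(line)
        # Skip decode continuation lines and anything tcpdump did not decode as ISAKMP.
        if not m or "isakmp" not in m.group(5):
            continue
        sport, dst, dport = int(m.group(2)), m.group(3), int(m.group(4))
        # Outbound IKE should leave from 500 (or 4500 once NAT-T has floated the ports).
        if dport in IKE_PORTS and sport not in IKE_PORTS:
            bad[dst].add(sport)
    return {peer: sorted(ports) for peer, ports in bad.items()}

if __name__ == "__main__":
    for peer, ports in odd_ike_sources(SAMPLE).items():
        print(f"{peer}: IKE sent from unexpected source port(s) {ports}")
```
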