Hi there,

I have several tunnels that work just fine, but sometimes, when I change the default route of the box, it has problems re-initializing some of the tunnels (not all of the tunnels to all hosts).

When I look at the packets, it's sending the IKE packets from a source port of 9 (this changes, not sure why) rather than source port of 500.

When the IKE daemon on the other end receives the packet, it ignores it and doesn't process it (even though the packet arrives [it's not a firewall issue restricting on source 500 to dest 500]).

Any thoughts on this?

If I restart IKE the problem doesn't stop; it re-occurs, and uses source port 9 again (as I mentioned, it's not always 9, sometimes it's port 1, or 3..).
Perhaps 9 is the number of tunnels it has loaded at the time it fails? Because some of the tunnels are OK, and send from port 500, but others use port 9 (or 1, 3, etc...).

So I don't believe it's a config issue, because a reboot of the box fixes the problem, and it starts to send from port 500, as it did before the routes were mixed with..

Openswan is compiled statically in the kernel, so I can't unload/reload the modules to see if that fixes the problem; my guess is it would .. however the platform I have to administrate here enforces static kernels...

Example packet is below (it's tcpdump -s1515 -nv -X) with the data cut off; note the source port 100.10.x.y.9...

09:00:30.499168 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto: UDP (17), length: 204) 100.10.x.y.9 > 100.20.x.y.500: isakmp 1.0 msgid : phase 1 I ident:
(sa: doi=ipsec situation=identity
 (p: #0 protoid=isakmp transform=4
 (t: #0 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=hash value=md5)(type=auth value=rsa sig)(type=group desc value=0005))
 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=hash value=sha1)(type=auth value=rsa sig)(type=group desc value=0005))
 (t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=hash value=sha1)(type=auth value=rsa sig)(type=group desc value=modp1024))
 (t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=hash value=md5)(type=auth value=rsa sig)(type=group desc value=modp1024))))

Thanks in advance.

Alex
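
One way to find which peers are affected in a saved `tcpdump -nv` capture, as an added example that is not part of the original post: it lists IKE packets sent to port 500 whose source port is not an expected IKE port. The function name and sample lines are constructed for illustration, and treating UDP 4500 (NAT traversal) as an expected source port is an assumption.

```python
import re

# Constructed sample in the shape of `tcpdump -nv` output. Addresses are masked
# as in the post; the second and third packets are invented for the example.
SAMPLE = """\
09:00:30.499168 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto: UDP (17), length: 204) 100.10.x.y.9 > 100.20.x.y.500: isakmp 1.0 msgid : phase 1 I ident:
(sa: doi=ipsec situation=identity
09:00:31.102233 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto: UDP (17), length: 204) 100.10.x.y.500 > 100.30.x.y.500: isakmp 1.0 msgid : phase 1 I ident:
09:00:32.000001 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto: UDP (17), length: 204)
    100.10.x.y.3 > 100.40.x.y.500: isakmp 1.0 msgid : phase 1 I ident:
"""

# Assumption: 500 (IKE) and 4500 (NAT traversal) are the legitimate source ports.
EXPECTED_IKE_PORTS = {500, 4500}

# "<addr>.<port> > <addr>.<port>: isakmp"; tcpdump appends the port as the
# last dotted field of each endpoint.
FLOW = re.compile(r"(\S+)\.(\d+) > (\S+)\.(\d+): isakmp")

# A packet record starts at a line that begins with a timestamp.
PACKET_START = re.compile(r"(?m)^(?=\d{2}:\d{2}:\d{2}\.\d+ )")


def odd_ike_sources(capture_text):
    """Return (time, src, src_port, dst) for IKE packets with an unexpected source port."""
    findings = []
    for chunk in PACKET_START.split(capture_text):
        # The header may be wrapped over several lines, so flatten the record.
        flat = " ".join(chunk.split())
        match = FLOW.search(flat)
        if not match:
            continue
        src, sport, dst, dport = match.groups()
        if int(dport) in EXPECTED_IKE_PORTS and int(sport) not in EXPECTED_IKE_PORTS:
            findings.append((flat.split()[0], src, int(sport), dst))
    return findings


if __name__ == "__main__":
    for when, src, sport, dst in odd_ike_sources(SAMPLE):
        print(f"{when} {src} -> {dst}: IKE sent from source port {sport}")
```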