[Openswan Users] Hung sessions in 2.1. under 2.6.7
shane at howsyournetwork.com
Wed Aug 25 22:49:57 CEST 2004
Howdy all. I have a laptop running Gentoo linux that is acting as my firewall/vpn endpoint. Until recently, I was using Gentoo's hardened sources. Recently, they have dropped the KLIPS patches from their sources, so I had been patching the kernel manually. However, I was having some weird behavior so I jumped to 2.6.7 (Gentoo's hardened dev sources).
I built my VPN (under my old kernel) using Openswan 2.1.4 talking to a Cisco VPN Concentrator. It has been working without problems for quite some time.
However, after I migrated to 2.6.7 I ran into problems. First, I emerged ipsec-tools so that I could get setkey. After I got setkey (and rebuilt my kernel for ESP support) I was able to bring my VPN up.
I am able to ping across my VPN (even with 5k packets) without any problems. However, I can't browse webpages on remote servers, it transfers a tiny bit of the page (maybe the page title) and then it hangs. Also, I can ssh across the VPN, but if I do 'cat', 'vi' or even 'ls' (basically anything that would have transmitted text back to me) it will also hang. It sorta sounded like a MTU thing, but then I wouldn't expect the large pings to work.
I also tried to add compress=no to my ipsec.conf and that didn't seem to help. Has anyone seen behavior like this? I apologize if it's already been answered. I really did try and find the solution on my own.
Shane Hickey <shane at howsyournetwork.com>: Network/System Consultant
GPG KeyID: 777CBF3F
Key fingerprint: 254F B2AC 9939 C715 278C DA95 4109 9F69 777C BF3F
Listening to: The Cure - The Caterpillar (Flicker Mix)
More information about the Users