[Openswan Users] Openswan + RHES 2.6 IPSEC strange problem
Matt Dainty
matt at xrefer.com
Mon Mar 29 15:53:58 CEST 2004
On Fri, Mar 26, 2004 at 05:11:38PM +0000, Matt Dainty wrote:
>
> I can start up Openswan and the tunnel gets created, and I can ping
> boxen back and forth from each side, but if I try and launch say an HTTP
> request from a client on the Openswan side to a webserver in the
> FreeS/WAN-protected network, the tunnel just freezes part-way through
> the client receiving the content from the webserver.
>
> I thought it was just Openswan until I realised all traffic on the same
> NIC freezes too. It appears to take a random amount of time and other
> non-IPSEC traffic and things unfreeze again. At no time is there any log
> messages from the kernel or anywhere else. There are two other NICs in
> the machine which are bridged together and these continue working
> throughout.
I've fixed this, rather obscure and unrelated. The ADSL router supplying
the Openswan box's net connection was playing up, I couldn't even get
the whole web status page from it via a locally-connected machine
without it being truncated, so it looks like it was randomly
dropping/chopping traffic, which I never managed to trigger with
'normal' net traffic. Power-cycled it and everything appears to be
working correctly. Odd.
I've hit on the tunnel now with some traffic and it's holding up nicely.
> Sniffing traffic on each endpoint from each other yields packets
> occasionally from the FreeS/WAN end to the Openswan end:
>
> Y.Y.Y.Y > X.X.X.X: ESP(spi=...,seq=...)
> truncated-ip - 16 bytes missing! Y.Y.Y.Y > <some weird IP> bad-hlen 12
> (ipip-proto-4)
> X.X.X.X > Y.Y.Y.Y: ESP(spi=...,seq=...)
This still happens, but AFAICT it's harmless. Right?
Cheers
Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040329/bc483db7/attachment.bin
More information about the Users
mailing list