[Openswan Users] stuck in STATE_MAIN_I3/STATE_MAIN_R2
Oskar Liljeblad
oskar at osk.mine.nu
Tue Oct 12 08:34:36 CEST 2004
On Tuesday, October 12, 2004 at 12:47, Herbert Xu wrote:
> Oskar Liljeblad <oskar at osk.mine.nu> wrote:
> >
> > With tcpdump I'm seeing these packets on alpha:
> >
> > 17:31:29.274391 IP alpha.isakmp > beta.isakmp: isakmp: phase 1 I ident
> > 17:31:29.292350 IP beta.isakmp > alpha.isakmp: isakmp: phase 1 R ident
> > 17:31:29.320873 IP alpha.isakmp > beta.isakmp: isakmp: phase 1 I ident
> > 17:31:29.396066 IP beta.isakmp > alpha.isakmp: isakmp: phase 1 R ident
> > 17:31:29.518108 IP alpha.isakmp > beta.isakmp: isakmp: phase 1 I ident[E]
>
> The last packet never shows up on beta. This is clearly a network
> problem. Check the packet size with tcpdump -v and see if there is
> an MTU issue on that path.
The last packet among the five packets above is:
07:28:05.646761 IP (tos 0x0, ttl 64, id 764, offset 0, flags [+], length:
1500) alpha.isakmp > beta.isakmp: isakmp 1.0 msgid : phase 1 I ident[E]:
[encrypted id] (len mismatch: isakmp 1652/ip 1472)
If I make beta initiator, this is the last packet:
07:33:38.791543 IP (tos 0x0, ttl 64, id 7198, offset 0, flags [+], length:
1500) beta.isakmp > erikslust-56-10.ip-pluggen.com.isakmp: isakmp 1.0 msgid
: phase 1 ? ident[E]: [encrypted id] (len mismatch: isakmp 1644/ip 1472)
So it's an MTU issue? MTU on the internet-interface is 1500 on both
machines.
Regards,
Oskar Liljeblad (oskar at osk.mine.nu)
More information about the Users
mailing list