[Openswan Users] stuck in STATE_MAIN_I3/STATE_MAIN_R2

Oskar Liljeblad oskar at osk.mine.nu
Tue Oct 12 08:34:36 CEST 2004


On Tuesday, October 12, 2004 at 12:47, Herbert Xu wrote:
> Oskar Liljeblad <oskar at osk.mine.nu> wrote:
> > 
> > With tcpdump I'm seeing these packets on alpha:
> > 
> > 17:31:29.274391 IP alpha.isakmp > beta.isakmp: isakmp: phase 1 I ident
> > 17:31:29.292350 IP beta.isakmp > alpha.isakmp: isakmp: phase 1 R ident
> > 17:31:29.320873 IP alpha.isakmp > beta.isakmp: isakmp: phase 1 I ident
> > 17:31:29.396066 IP beta.isakmp > alpha.isakmp: isakmp: phase 1 R ident
> > 17:31:29.518108 IP alpha.isakmp > beta.isakmp: isakmp: phase 1 I ident[E]
> 
> The last packet never shows up on beta.  This is clearly a network
> problem.  Check the packet size with tcpdump -v and see if there is
> an MTU issue on that path.

The last packet among the five packets above is:

07:28:05.646761 IP (tos 0x0, ttl  64, id 764, offset 0, flags [+], length:
1500) alpha.isakmp > beta.isakmp: isakmp 1.0 msgid : phase 1 I ident[E]:
[encrypted id] (len mismatch: isakmp 1652/ip 1472)

If I make beta initiator, this is the last packet:

07:33:38.791543 IP (tos 0x0, ttl  64, id 7198, offset 0, flags [+], length:
1500) beta.isakmp > erikslust-56-10.ip-pluggen.com.isakmp: isakmp 1.0 msgid
: phase 1 ? ident[E]: [encrypted id] (len mismatch: isakmp 1644/ip 1472)

So it's an MTU issue? MTU on the internet-interface is 1500 on both
machines.

Regards,

Oskar Liljeblad (oskar at osk.mine.nu)


More information about the Users mailing list