[Openswan Users] stuck in STATE_MAIN_I3/STATE_MAIN_R2
Herbert Xu
herbert at gondor.apana.org.au
Wed Oct 13 19:18:27 CEST 2004
On Tue, Oct 12, 2004 at 07:51:41PM +1000, herbert wrote:
> On Tue, Oct 12, 2004 at 07:34:36AM +0200, Oskar Liljeblad wrote:
> >
> > The last packet among the five packets above is:
> >
> > 07:28:05.646761 IP (tos 0x0, ttl 64, id 764, offset 0, flags [+], length:
> > 1500) alpha.isakmp > beta.isakmp: isakmp 1.0 msgid : phase 1 I ident[E]:
> > [encrypted id] (len mismatch: isakmp 1652/ip 1472)
>
> Unless your tcpdump command is broken, this looks like an openswan

Actually I misread your packet dump. The flag '+' above indicates that
this is a fragment. So it looks like something in the path can't deal
with fragments. This is confirmed by your ping results as 1473 is the
smallest ICMP payload where you start getting fragments with an MTU of
1500.

Do a traceroute from alpha to beta and ping -s 1473 each hop to discover
where the problem is.
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
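
Added example, not part of the original message: a shell script for the hop-by-hop check described above (traceroute to the peer, then ping each hop with a payload just below and just above the fragmentation threshold). It assumes Linux iputils ping and a traceroute that accepts -n; the function names and the sample traceroute output are constructed for illustration.

```sh
#!/bin/sh
# Added example: find the hop that drops IP fragments on the path to an IKE peer.
# Assumes Linux iputils ping (-c/-W/-s) and traceroute (-n).

# Constructed traceroute output, used only to show what the parser accepts.
SAMPLE_TRACEROUTE='traceroute to beta (192.0.2.9), 30 hops max, 60 byte packets
 1  192.0.2.1  0.412 ms  0.380 ms  0.371 ms
 2  * * *
 3  198.51.100.7  5.1 ms  5.0 ms  5.2 ms'

# Smallest ICMP echo payload that forces fragmentation for a given MTU:
# MTU - 20 (IPv4 header) - 8 (ICMP header) + 1, i.e. 1473 for MTU 1500.
frag_payload() {
    echo $(( $1 - 20 - 8 + 1 ))
}

# Read `traceroute -n` output on stdin, print the first address of each hop.
# The header line and hops that never answered ("* * *") are skipped.
hops_from_traceroute() {
    awk '$1 ~ /^[0-9]+$/ {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print $i; break }
    }'
}

# Probe one hop with a payload that fits in one packet and one that does not.
# Prints: ok (fragments pass), frag-drop (only the small ping is answered),
# or no-reply (hop ignores ICMP echo entirely, so it tells us nothing).
probe_hop() {
    hop=$1; big=$2; small=$(( big - 1 ))
    if ! ping -c 2 -W 2 -s "$small" "$hop" >/dev/null 2>&1; then
        echo "no-reply"
    elif ping -c 2 -W 2 -s "$big" "$hop" >/dev/null 2>&1; then
        echo "ok"
    else
        echo "frag-drop"
    fi
}

# Walk the path to the peer; the first frag-drop hop is where to look.
# Usage: check_path beta 1500
check_path() {
    target=$1; mtu=${2:-1500}
    big=$(frag_payload "$mtu")
    traceroute -n "$target" | hops_from_traceroute | while read -r hop; do
        printf '%-16s %s\n' "$hop" "$(probe_hop "$hop" "$big")"
    done
}
```

A hop reported as no-reply may simply not answer ICMP echo, so judge by the first hop that answers the small ping but not the large one.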