[Openswan Users] ipsec up, but not always transferring (fwd)
Daniel Fenert
daniel at fenert.net
Wed Sep 22 23:40:43 CEST 2004
W dniu Wed, Sep 22, 2004 at 05:04:04PM +0200, Daniel Fenert wystukał(a):
>W dniu Wed, Sep 22, 2004 at 09:02:57AM -0400, Michael Richardson wystukał(a):
>> Please confirm:
>> a) you are running
>> tcpdump -i ipsec0 -n -p
More data:
Non-working state: running pings from Win98 to SambaServer.
Tcpdump on internet iface on R3 says packets are going out:
22:12:44.453383 IP x.x.x.47 > y.y.y.170: ESP(spi=0x97dc1120,seq=0x1d)
On the other side, when started tcpdump on eth1 (not ipsec0 this time),
after 3 seconds, everything works, without promisc mode:
# tcpdump -p -n -i eth1 port not 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
22:13:07.370923 arp who-has x.x.x.47 tell y.y.y.170
22:13:08.370015 arp who-has x.x.x.47 tell y.y.y.170
22:13:09.370017 arp who-has x.x.x.47 tell y.y.y.170
22:13:09.535835 IP x.x.x.47 > y.y.y.170: ESP(spi=0x97dc1120,seq=0x26)
22:13:09.536113 IP y.y.y.170 > x.x.x.47: ESP(spi=0x7e43d320,seq=0x9e)
22:13:10.370845 arp who-has x.x.x.47 tell y.y.y.170
22:13:10.631093 IP x.x.x.47 > y.y.y.170: ESP(spi=0x97dc1120,seq=0x27)
22:13:10.631330 IP y.y.y.170 > x.x.x.47: ESP(spi=0x7e43d320,seq=0xa0)
22:13:11.370017 arp who-has x.x.x.47 tell y.y.y.170
22:13:11.637929 IP x.x.x.47 > y.y.y.170: ESP(spi=0x97dc1120,seq=0x28)
22:13:11.638156 IP y.y.y.170 > x.x.x.47: ESP(spi=0x7e43d320,seq=0xa2)
22:13:12.370015 arp who-has x.x.x.47 tell y.y.y.170
barf from R1 is here: daniel.fenert.net/barf.txt
One more thing which comes to my mind: Windows98 has lower MTU: 1492bytes.
--
Daniel Fenert --==> daniel at fenert.net <==--
==-P o w e r e d--b y--S l a c k w a r e-=-ICQ #37739641-==
If you keep an open mind people will throw a lot of garbage in it.
=======- http://daniel.fenert.net/ -=======< +48604628083 >
More information about the Users
mailing list