[Openswan Users] L2TP/IPsec problem

Nico Schmoigl mailinglisten at schmoigl-online.de
Sun Aug 28 13:30:13 CEST 2005


Hi list members,

> Please note, that it is only 484 bytes long (with header 518 bytes). 
> The log of the Windows client there says that it tried to send that 
> 1956 bytes packet. Naturally, pluto does not get to know anything 
> about the contents of this packet. Therefore the log does not show 
> anything. And another strange thing: I only receive this single IP 
> fragment - not two or three (3x484 is the first number which would be 
> larger than 1956). Could this be related to the fact, that the later 
> packets do not have an IP Header and therefore get discarded by the 
> sniffing program?

Here's a short update on the current progress on my problem:
I managed to get the connection working. I created another key (with 
certificates) that doesn't have that many X509 tags inside the 
certificate. However, the len of the packet in question still is 1956 
(no change here!). My assumption therefore goes into two directions: Either

    * the packet is filled with garbage information although the real
      data is within the first x bytes which don't get truncated by
      fragmentation, or
    * in my old certificate (which was created by PHPki) there is some
      field set, that OAKLEY doesn't like.

Are there any X509 experts around to whom I could send the certificate 
and try to track down at least my second assumption? Thanks, guys!

73
  Nico


