[Openswan Users] Protocols being stripped

Eaton, Andy Andy at seas.wustl.edu
Mon Feb 21 11:22:14 CET 2005


Hello all,

I have finally gotten OpenSWAN 2.3.0 up and connected to a Cisco 3030.
If I can figure out this last part, I will be extremely happy.  When I
am finished, I will gladly put together an extensive how to about how to
do this. There is quite a bit that has to happen cisco side that is
undocumented as well. As soon as Cisco knows what you are doing, "That
is unsupported, sorry, we can't help."

Anyway, I am not sure who to contact about putting a link on OpenSWAN's
site when I am finished.  On to the problem.

The problem that I am seeing is that the TCP port is being stripped out
of packets by the time they get back to the tunneled machine.

For example:
	If I start a telnet on 80 from 4.225 to 16.31 in the following
scenario, I see...
	
	192.168.4.225 --> OpenSWAN/GW --> Cisco 3030 --> 172.16.16.31

Ethereal Dump from 4.225 
Example to 16.31
192.168.4.225	172.16.16.31	TCP	4044 > http [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460
172.16.16.31	192.168.4.225	TCP	1 > 4044 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
192.168.4.225	172.16.16.31	TCP	4044 > 1 [RST] Seq=1 Ack=1889516043 Win=0 Len=0
192.168.4.225	172.16.16.31	TCP	4044 > http [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460
172.16.16.31	192.168.4.225	TCP	[TCP Dup ACK 1631#1] 1 > 4044 [ACK] Seq=1 Ack=1 Win=65535 Len=0
192.168.4.225	172.16.16.31	TCP	4044 > 1 [RST] Seq=1 Ack=1889516043 Win=0 Len=0
172.16.16.31	192.168.4.225	TCP	1 > 4044 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
192.168.4.225	172.16.16.31	TCP	4044 > 1 [RST] Seq=1 Ack=1889516043 Win=0 Len=0

Ethereal dump from 4.225
Example to Google
192.168.4.225	216.109.118.68	TCP	4063 > http [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460
216.109.118.68	192.168.4.225	TCP	http > 4063 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
192.168.4.225	216.109.118.68	TCP	4063 > http [ACK] Seq=1 Ack=1 Win=17520 Len=0

As you can see, in the first example, the protocol that is returned to
the initiator is protocol 1 and not http, whereas to Google it comes
back correctly.

If I take a tcpdump at my OpenSWAN edge, I see the following:

At Openswan/gw edge  eth0
IP 24.107.189.229 > 128.252.21.15: ESP(spi=0x6311ab3b,seq=0x149)
IP 128.252.21.15 > 24.107.189.229: ESP(spi=0x9d28e7f2,seq=0x7b)
IP 172.16.16.31.80 > 192.168.4.225.4073: S 396238645:396238645(0) ack 848397758 win 65535 <mss 1460,nop,nop,sackOK>
IP 24.107.189.229 > 172.16.16.31: ESP(spi=0x6311ab3b,seq=0x14a)
IP 24.107.189.229 > 128.252.21.15: ESP(spi=0x6311ab3b,seq=0x14b)
IP 128.252.21.15 > 24.107.189.229: ESP(spi=0x9d28e7f2,seq=0x7c)
IP 172.16.16.31.80 > 192.168.4.225.4073: S 396238645:396238645(0) ack 848397758 win 65535 <mss 1460,nop,nop,sackOK>
IP 24.107.189.229 > 172.16.16.31: ESP(spi=0x6311ab3b,seq=0x14c)
IP 128.252.21.15 > 24.107.189.229: ESP(spi=0x9d28e7f2,seq=0x7d)
IP 172.16.16.31.80 > 192.168.4.225.4073: . ack 1 win 65535
IP 24.107.189.229 > 172.16.16.31: ESP(spi=0x6311ab3b,seq=0x14d)

The returned port is port 80 at eth0

I see the following as soon as it gets to vlan4:

At Openswan/gw Vlan4
IP 192.168.4.225.4089 > 172.16.16.31.80: S 419075865:419075865(0) win 16384 <mss 1460,nop,nop,sackOK>
IP 172.16.16.31.1 > 192.168.4.225.4089: S 2661280272:2661280272(0) ack 419075866 win 65535 <mss 1460,nop,nop,sackOK>
IP 192.168.4.225.4089 > 172.16.16.31.1: R 419075866:419075866(0) win 0
ethertype IPv4 (0x0800), length 62: IP 192.168.4.225.4089 > 172.16.16.31.80: S 419075865:419075865(0) win 16384 <mss 1460,nop,nop,sackOK>
IP 172.16.16.31.1 > 192.168.4.225.4089: . ack 1 win 65535
IP 192.168.4.225.4089 > 172.16.16.31.1: R 419075866:419075866(0) win 0
IP 172.16.16.31.1 > 192.168.4.225.4089: S 2661280272:2661280272(0) ack 419075866 win 65535 <mss 1460,nop,nop,sackOK>
IP 192.168.4.225.4089 > 172.16.16.31.1: R 419075866:419075866(0) win 0

Now the returned port is port 1 at vlan4.

It almost seems like a vlan issue.

Any help appreciated,

Thanks again,

Andrew Eaton
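A small diagnostic for the comparison the post does by hand, added here as an example and not part of the original message or of Openswan: it parses tcpdump output from two interfaces of the gateway, keys packets on the (source host, destination host) pair so that separate connection attempts with different client ports can still be compared, and reports any pair whose source port differs between the two captures. It also counts the client RSTs sent to a port other than the one the client connected to, which is what a SYN/ACK from the wrong port produces. The capture text is constructed from the lines quoted above; the interface names eth0 and vlan4 are taken from the post.

```python
"""Compare tcpdump output from two gateway interfaces and flag host pairs whose
TCP source port differs between them (port 80 at eth0, port 1 at vlan4 above)."""
import re
from collections import defaultdict

# tcpdump -n line shape as quoted in the post: "IP src.sport > dst.dport: flags ...".
# ESP lines ("IP a.b.c.d > e.f.g.h: ESP(...)") carry no ports and do not match.
TCP_LINE = re.compile(
    r"^IP (?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): (?P<flags>\S+)"
)

# Sample captures, constructed from the lines quoted in the post (not a live capture).
ETH0_CAPTURE = """\
IP 24.107.189.229 > 128.252.21.15: ESP(spi=0x6311ab3b,seq=0x149)
IP 128.252.21.15 > 24.107.189.229: ESP(spi=0x9d28e7f2,seq=0x7b)
IP 172.16.16.31.80 > 192.168.4.225.4073: S 396238645:396238645(0) ack 848397758 win 65535 <mss 1460,nop,nop,sackOK>
IP 172.16.16.31.80 > 192.168.4.225.4073: . ack 1 win 65535
"""

VLAN4_CAPTURE = """\
IP 192.168.4.225.4089 > 172.16.16.31.80: S 419075865:419075865(0) win 16384 <mss 1460,nop,nop,sackOK>
IP 172.16.16.31.1 > 192.168.4.225.4089: S 2661280272:2661280272(0) ack 419075866 win 65535 <mss 1460,nop,nop,sackOK>
IP 192.168.4.225.4089 > 172.16.16.31.1: R 419075866:419075866(0) win 0
IP 172.16.16.31.1 > 192.168.4.225.4089: . ack 1 win 65535
"""


def parse_tcpdump(text):
    """Return (src, sport, dst, dport, flags) for each TCP line; other lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = TCP_LINE.match(line.strip())
        if m:
            packets.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]))
    return packets


def source_ports_by_pair(packets):
    """Map (src_ip, dst_ip) to the set of source ports seen in that direction."""
    ports = defaultdict(set)
    for src, sport, dst, _dport, _flags in packets:
        ports[(src, dst)].add(sport)
    return ports


def find_port_rewrites(capture_a, capture_b):
    """Host pairs present in both captures whose source ports differ:
    {(src, dst): (ports_in_a, ports_in_b)}. Keying on the host pair rather than
    the full 4-tuple lets two separate attempts (different client ports) be compared."""
    a = source_ports_by_pair(parse_tcpdump(capture_a))
    b = source_ports_by_pair(parse_tcpdump(capture_b))
    return {pair: (a[pair], b[pair]) for pair in a.keys() & b.keys() if a[pair] != b[pair]}


def resets_to_unexpected_port(packets, client_ip, expected_port):
    """Count RSTs the client sends to a server port other than the one it connected to.
    A client that sent SYN to port 80 and receives a SYN/ACK from port 1 has no
    matching connection for it and answers with RST, as in the vlan4 capture."""
    return sum(
        1 for src, _sport, _dst, dport, flags in packets
        if src == client_ip and flags == "R" and dport != expected_port
    )


if __name__ == "__main__":
    for (src, dst), (eth0_ports, vlan4_ports) in find_port_rewrites(ETH0_CAPTURE, VLAN4_CAPTURE).items():
        print(f"{src} -> {dst}: source port {sorted(eth0_ports)} on eth0 became {sorted(vlan4_ports)} on vlan4")
    print("client RSTs to the wrong port on vlan4:",
          resets_to_unexpected_port(parse_tcpdump(VLAN4_CAPTURE), "192.168.4.225", 80))
```

Run it against real `tcpdump -n -i eth0` and `tcpdump -n -i vlan4` output to see whether the rewrite happens at the same hop for every destination, or only for the tunneled subnet as the Google comparison above suggests.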