[Openswan Users] TCP problem

Jochen Witte jwitte at alpha-lab.net
Fri Feb 25 22:12:23 CET 2005


Hello,

I have a strange problem using OpenSWAN on Fedora 3 (Kernel 2.6). Ping is
OK, but some TCP connections do not work with the other end (which is
FreeSWAN , 2.4).

This is a try to connect to cvs (pserver) on my internal interface:

---snip---
Capturing on eth0
  0.000000  10.128.0.23 -> 10.49.2.2    TCP 45811 > cvspserver [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=383854937 TSER=0 WS=0
  0.031219    10.49.2.2 -> 10.128.0.23  TCP cvspserver > 45811 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=61373806 TSER=383854937 WS=0
  0.031343  10.128.0.23 -> 10.49.2.2    TCP 45811 > cvspserver [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=383854940 TSER=61373806
  0.031433  10.128.0.23 -> 10.49.2.2    TCP 45811 > cvspserver [PSH, ACK] Seq=1 Ack=1 Win=5840 Len=27 TSV=383854940 TSER=61373806
  0.265066  10.128.0.23 -> 10.49.2.2    TCP [TCP Retransmission] 45811 > cvspserver [PSH, ACK] Seq=1 Ack=1 Win=5840 Len=27 TSV=383854964 TSER=61373806
  0.745014  10.128.0.23 -> 10.49.2.2    TCP [TCP Retransmission] 45811 > cvspserver [PSH, ACK] Seq=1 Ack=1 Win=5840 Len=27 TSV=383855012 TSER=61373806
  1.704899  10.128.0.23 -> 10.49.2.2    TCP [TCP Retransmission] 45811 > cvspserver [PSH, ACK] Seq=1 Ack=1 Win=5840 Len=27 TSV=383855108 TSER=61373806
---snip---

and her on the external interface:

---snip---
Capturing on eth1
  0.000000    10.49.2.2 -> 10.128.0.23  TCP cvspserver > 45811 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=61373806 TSER=383854937 WS=0
  0.029977    10.49.2.2 -> 10.128.0.23  TCP cvspserver > 45811 [ACK] Seq=1 Ack=28 Win=5792 Len=0 TSV=61373810 TSER=383854940
  0.030347 my_ext_ip -> 10.49.2.2    ESP ESP (SPI=0xc21dfcd0)
  0.264035    10.49.2.2 -> 10.128.0.23  TCP cvspserver > 45811 [ACK] Seq=1 Ack=28 Win=5792 Len=0 TSV=61373833 TSER=383854964 SLE=572492295 SRE=572492322
  0.264379 my_ext_ip -> 10.49.2.2    ESP ESP  (SPI=0xc21dfcd0)
  0.744041    10.49.2.2 -> 10.128.0.23  TCP cvspserver > 45811 [ACK] Seq=1  Ack=28 Win=5792 Len=0 TSV=61373881 TSER=383855012 SLE=572492295
  SRE=572492322 
  0.744383 my_ext_ip -> 10.49.2.2    ESP ESP
  (SPI=0xc21dfcd0) 
  1.704042    10.49.2.2 -> 10.128.0.23  TCP cvspserver >
  45811 [ACK] Seq=1 Ack=28 Win=5792 Len=0 TSV=61373977 TSER=383855108
  SLE=572492295 SRE=572492322 
  1.704358 my_ext_ip -> 10.49.2.2    ESP
  ESP (SPI=0xc21dfcd0) 
  3.623992    10.49.2.2 -> 10.128.0.23  TCP cvspserver > 45811 [ACK] Seq=1
  Ack=28 Win=5792 Len=0 TSV=61374169 TSER=383855300 SLE=572492295
  SRE=572492322
---snip---

Is this a MTU problem. Or what? Why do I see these packages on my external
interface anyway? Should'nt it be ESP-packets? 

Thanks in advance
Jochen






More information about the Users mailing list