[Openswan Users] Unusual packet loss
Philip Burrow
philburrow at blueyonder.co.uk
Mon Jan 24 02:15:12 CET 2005
Hi,
Firstly, I'm a new member to the list but I've been using
FreeSWAN/Openswan for a number of years now and always found it to be
excellent, so props to the developers and contributors.
To my point, I'm having an unusual problem with apparent packet loss
across a tunnel. Let me describe the setup. I have two machines running
Fedora 2, with 2.6.10 kernel and Openswan 2.3.0. Both are on ADSL
connections with 256k upstream operated by the same ISP.
The tunnels connect as expected. I receive no error messages. However
when I ping, the first 4 or 5 packets are dropped/lost. The sequence
then begins at about ping number 4 and continues with a sensible ping
until CTRL-C. I.e. a ping from the internal interface of one gateway to
the internal interface of the other:
[root@preston i386]# ping 10.0.3.1 -I 10.0.1.1
PING 10.0.3.1 (10.0.3.1) from 10.0.1.1 : 56(84) bytes of data.
64 bytes from 10.0.3.1: icmp_seq=4 ttl=64 time=63.2 ms
64 bytes from 10.0.3.1: icmp_seq=5 ttl=64 time=62.3 ms
64 bytes from 10.0.3.1: icmp_seq=6 ttl=64 time=64.9 ms
64 bytes from 10.0.3.1: icmp_seq=7 ttl=64 time=66.6 ms
64 bytes from 10.0.3.1: icmp_seq=8 ttl=64 time=62.6 ms
64 bytes from 10.0.3.1: icmp_seq=9 ttl=64 time=61.9 ms
64 bytes from 10.0.3.1: icmp_seq=10 ttl=64 time=64.0 ms
...
Then if I wait a minute and ping again, it begins from icmp_seq=0 as you
would expect from a normal ping.
Another example of strangeness is if I try and FTP across the tunnel. I
can log in and such, as expected, but it hangs when I request a
directory listing. I then tried to list the contents of an LDAP directory
on one gateway from the other gateway and it works, but only the first
10 lines of the dump actually appear and it hangs (should be thousands
of lines).
These things work when I stop IPSEC and try them. No losses on pings,
LDAP dump is a full dump, FTP directory listings work.
ipsec verify shows all as fine, and it does this whether or not I use a
firewall.
Any suggestions as to what may be causing this? From what I read in the
documentation it looks like MTU may be involved but I don't see why it
would be, and don't know what I can do to play with it. Guidance would
be appreciated!
Regards,
Phil
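
One way to test the MTU hypothesis raised in the post above, as an added example that is not part of the original message: binary-search the largest ICMP payload that crosses the tunnel with Don't Fragment set. It assumes Linux iputils ping (-M do, -s) and a 1500-byte upper bound; the function names are hypothetical.

```python
import subprocess

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP header

def ping_df(dst, src, payload):
    """Send one echo request with Don't Fragment set; True if a reply came back.
    Uses Linux iputils ping flags: -M do (set DF), -s (payload size)."""
    cmd = ["ping", "-c", "1", "-W", "2", "-M", "do",
           "-s", str(payload), "-I", src, dst]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0

def largest_passing_payload(probe, lo=0, hi=1472, retries=3):
    """Binary-search the largest payload in [lo, hi] for which probe(size) is True.
    Each size is retried, because the report above shows the first few
    packets on an idle tunnel being lost regardless of size.
    Returns None if even the smallest payload never gets through.
    hi=1472 assumes a 1500-byte link MTU (assumption, not from the post)."""
    def ok(size):
        return any(probe(size) for _ in range(retries))
    if not ok(lo):
        return None
    if ok(hi):
        return hi
    # Invariant from here on: lo passes, hi fails.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if ok(mid):
            lo = mid
        else:
            hi = mid
    return lo

def path_mtu(probe, **kw):
    """Largest unfragmented IP packet size, or None if nothing passes."""
    payload = largest_passing_payload(probe, **kw)
    return None if payload is None else payload + IP_ICMP_HEADERS

if __name__ == "__main__":
    # Addresses are the ones from the post; run as root on the gateway.
    src, dst = "10.0.1.1", "10.0.3.1"
    for _ in range(6):           # warm-up: get past the initial losses
        ping_df(dst, src, 56)
    mtu = path_mtu(lambda size: ping_df(dst, src, size))
    print("no replies at all" if mtu is None
          else f"largest unfragmented packet through the tunnel: {mtu} bytes")
```

Running it once with the tunnel up and once with IPsec stopped gives two numbers to compare; a result well below the bare-link value with the tunnel up would be consistent with large replies (FTP listings, LDAP dumps) stalling while small packets pass.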