[Openswan Users] Packets being dropped

Jeremy Mann jrmann1999 at gmail.com
Sat May 7 14:01:43 CEST 2005


>From my win2k device behind a Dlink gateway...

tracert 192.168.1.75

1     2ms        1ms        2ms         10.10.0.245
2    37ms        37ms        37ms         192.168.1.75

10.10.0.245 is the ip address of my gateway device(the dlink)

my local ip address on this machine is 10.10.0.248

I could ping the link forever and never get a drop or timeout, it's
solely when I send any other type of data across the route...

>From the other end:

chat root # traceroute 10.10.0.148
traceroute to 10.10.0.148 (10.10.0.148), 30 hops max, 40 byte packets
 1  192.168.1.102 (192.168.1.102)  0.464 ms  0.455 ms  0.362 ms
 2  10.10.0.148 (10.10.0.148)  36.466 ms  42.440 ms  38.211 ms


192.168.1.102 is the remote network openswan server, the local ip
address was 192.168.1.75

As I understand it the 2.6 code doesn't allow the openswan gateway to
ping anything(and it is evidenced by it trying to send private ip
addresses out the public internet gateway).  Could that have anything
to do with it?

Tracing route 

On 5/7/05, lee hughes <toxicnaan at gmail.com> wrote:
> you've got a few
> 
>  carrier:6          collisions:36887 txqueuelen:1000
> 
> on your tx eth1, nothing ot be worried about, but might indicate a
> faulty card (if it's connected to a switch).
> 
> might be a MTU packet size problem, try pinging the remote gateway
> with different size packets, and post you results..
> 
> some diag from the remote end may be useful.
> 
> also, a traceroute or tracepath of the internet route between you and
> your remote gateway,
> looks for unsually large number of hops, or packet loss.
> 
> has this link been working before? or is a new link?
> 
> On 5/7/05, Jeremy Mann <jrmann1999 at gmail.com> wrote:
> > I am experiencing a problem with packets needing retransmission.  I'm
> > doing a gateway to gateway connection from my home(dynamic IP) to my
> > office.  The tunnel never dies, but if I try to do an SSH session
> > across the tunnel, I can login just fine but running a ps -ef or top
> > or whatever displays a little text then just locks up.  I've done a
> > tethereal dump and this is what I see:
> >
> > root@$ tethereal -f 'net 10.10.0.0/24' -i eth1
> > ...
> >  6.149398  10.10.0.148 -> 192.168.1.75 TCP [TCP Dup ACK 115#4] 2347 >
> > ssh [ACK] Seq=2216 Ack=2651 Win=16404 Len=0 SLE=2318769310
> > SRE=2318769366 SLE=2318767850 SRE=2318767906
> >   6.149526  10.10.0.148 -> 192.168.1.75 TCP [TCP Dup ACK 115#5] 2347 >
> > ssh [ACK] Seq=2216 Ack=2651 Win=16404 Len=0 SLE=2318769310
> > SRE=2318769366 SLE=2318767850 SRE=2318767906
> >   6.282641 192.168.1.75 -> 10.10.0.148  SSHv2 [TCP Retransmission]
> > Encrypted response packet len=1404
> >   6.786695 192.168.1.75 -> 10.10.0.148  SSHv2 [TCP Retransmission]
> > Encrypted response packet len=1404
> >   7.794792 192.168.1.75 -> 10.10.0.148  SSHv2 [TCP Retransmission]
> > Encrypted response packet len=1404
> >   9.810995 192.168.1.75 -> 10.10.0.148  SSHv2 [TCP Retransmission]
> > Encrypted response packet len=1404
> >  13.843391 192.168.1.75 -> 10.10.0.148  SSHv2 [TCP Retransmission]
> > Encrypted response packet len=1404
> >
> > The last bit happens over and over, which makes me thing something is
> > being dropped.  Attached is the output of ipsec barf, I could use some
> > help if possible....
> >
> > The tunnel in question is home-tunnel, and I added ip addresses to my
> > ethernet interfaces with ip addr add instead of doing an ifconfig
> > eth0:#
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> >
> >
> >
> >
>


More information about the Users mailing list