[Openswan Users] 1.0.8, strange problem with pings
Paul Wouters
paul at xelerance.com
Wed May 18 11:32:07 CEST 2005
On Wed, 18 May 2005, Dmitry Melekhov wrote:
[ intermittent packets getting lost in ipsec interface ]
>> Is your link perhaps congested?
>> Is there a icmp rate limit in the firewall?
>
> No.
>>> But other (not icmp) traffic works OK:
> There are no retransmissions.
> Again, if I ping from one host all is ok, if I ping from another packets are
> in ipsecX, but not in ethX...
> 100% reproducable until ipsec restart, after restart another host can't
> ping...
> Unfortunately this is software problem, I'm shure..
Then I'm afraid the only way I can think of to see what is really
happening is to run with plutodebug=all and klipsdebug=all, and running
a few tcpdump captures so we get a copy of the entire situation when
these packets "vanish". However, you cannot run long in such a configuration
because this will generate a lot of logging to disk.
Perhaps Michael has another suggestion?
Paul
More information about the Users
mailing list