[Openswan Users] 1.0.8, strange problem with pings
mcr
mcr at sandelman.ottawa.on.ca
Wed May 18 23:17:20 CEST 2005
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
>>> Is your link perhaps congested? Is there an icmp rate limit in
>>> the firewall?
>> No.
>>>> But other (not icmp) traffic works OK:
>> There are no retransmissions. Again, if I ping from one host all
>> is ok, if I ping from another packets are in ipsecX, but not in
>> ethX... 100% reproducible until ipsec restart, after restart
>> another host can't ping...
>> Unfortunately this is a software problem, I'm sure..
Paul> Then I'm afraid the only way I can think of to see what is
Paul> really happening is to run with plutodebug=all and
Paul> klipsdebug=all, and running a few tcpdump captures so we get a
Paul> copy of the entire situation when these packets
Paul> "vanish". However, you cannot run long in such a configuration
Paul> because this will generate a lot of logging to disk.
Paul> Perhaps Michael has another suggestion?
you can dispense with plutodebug=all, that won't help/hinder.
(reduces the logs a bit)
klipsdebug, you can restrict this to "rcv" or "tunnel-xmit".
I'm unclear from the description if this is upon receipt or sending
that packets are going missing.
Certainly, tcpdump on all interfaces to be sure...
- --
] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
] mcr @ xelerance.com Now doing IPsec training, see |net architect[
] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [