[Openswan Users] 1.0.8, strange problem with pings

Dmitry Melekhov dm at belkam.com
Fri May 20 09:48:08 CEST 2005


mcr wrote:

>  klipsdebug, you can restrict this to "rcv" or "tunnel-xmit".
>  I'm unclear from the description if this is upon receipt or sending
>that packets are going missing.  
>  
>  Certainly, tcpdump on all interfaces to be sure...
>  
>

OK. I reproduced this problem with debug.

Here is what I see:

May 20 03:31:38 vpn_22_203 kernel: klips_debug:   IP: ihl:20 ver:4 tos:0 
tlen:84 id:64889 DF frag_off:0 ttl:61 proto:1 (ICMP) chk:14593 sad
dr:192.168.22.220 daddr:192.168.111.1 type:code=8:0
May 20 03:31:38 vpn_22_203 kernel: klips_debug:ipsec_tunnel_start_xmit: 
checking for local udp/500 IKE packet saddr=c0a816dc, er=cfa7b9c0,
daddr=c0a86f01, er_dst=0, proto=1 sport=0 dport=0
May 20 03:31:38 vpn_22_203 kernel: klips_debug:ipsec_tunnel_start_xmit: 
shunt SA of HOLD: skb stored in HOLD.


As I wrote I see packets on ipsec2, but there are no packets on eth2

If I ping from different ip I get:



May 20 03:44:47 vpn_22_203 kernel: klips_debug:   IP: ihl:20 ver:4 tos:0 
tlen:84 id:43 DF frag_off:0 ttl:61 proto:1 (ICMP) chk:13895 saddr:
192.168.22.229 daddr:192.168.111.1 type:code=8:0
May 20 03:44:47 vpn_22_203 kernel: klips_debug:ipsec_tunnel_start_xmit: 
checking for local udp/500 IKE packet saddr=c0a816e5, er=cfa7b0c0,
daddr=c0a86f01, er_dst=ac100414, proto=1 sport=0 dport=0
May 20 03:44:47 vpn_22_203 kernel: klips_debug:ipsec_tunnel_start_xmit: 
found Tunnel Descriptor Block -- SA:<IPIP> tun0x100e at 172.16.4.20
May 20 03:44:47 vpn_22_203 kernel: klips_debug:ipsec_tunnel_start_xmit: 
after <IPIP>, SA:tun0x100e at 172.16.4.20:
May 20 03:44:47 vpn_22_203 kernel: klips_debug:   IP: ihl:20 ver:4 tos:0 
tlen:104 id:29910 frag_off:0 ttl:64 proto:4 chk:42373 saddr:172.16
.4.2 daddr:172.16.4.20
May 20 03:44:47 vpn_22_203 kernel: klips_debug:ipsec_tunnel_start_xmit: 
after <ESP_3DES_HMAC_MD5>, SA:esp0x2ef00086 at 172.16.4.20:
May 20 03:44:47 vpn_22_203 kernel: klips_debug:   IP: ihl:20 ver:4 tos:0 
tlen:136 id:29910 frag_off:0 ttl:64 proto:50 chk:42295 saddr:172.1
6.4.2 daddr:172.16.4.20
May 20 03:44:47 vpn_22_203 kernel: klips_debug:ipsec_tunnel_start_xmit: 
...done, calling ip_send() on device:eth2






More information about the Users mailing list