[Openswan Users] IP Truncated
Oliver Tomkins
oliver.tomkins at alliedvehicles.co.uk
Mon Oct 24 18:08:26 CEST 2005
I was using KLIPS. I've upgraded the kernel to 2.6.12 and now it's
using netkey with L2TP.
This has fixed the networking issue but it not appears we can only have
two connections at the same time!
We see the SA being established and then this in the l2tpd.log
Oct 24 16:56:43 ipsechost l2tpd[5498]: control_finish: Connection
established to XX.XXX.XXX.XXX, 1701. Local: 65527, Remote: 6. LNS
session is 'default'
Oct 24 16:56:43 ipsechost l2tpd[5498]: call_close: Call 2284 to
81.171.217.211 disconnected
Oct 24 16:56:46 ipsechost l2tpd[5498]: call_close : Connection 5 closed
to 81.171.217.211, port 1701 (Timeout)
Any ideas?
Thanks,
Olly.
Jacco de Leeuw wrote:
> Oliver Tomkins wrote:
>
>> When our remote users connect everything seems fine, however when
>> they try to connect to one of our applications it fails.
>>
>> tcpdump tells us this:
>> 15:27:59.571219 IP ipsec.domain.co.uk.l2tp > XXX.XXX.XXX.XXX.l2tp:
>> l2tp:[L](2/1) {IP truncated-ip - 742 bytes missing!
>> dbs.domain.co.uk.ms-sql-s > client.domain.co.uk.1161: P
>> 2358:3571(1213) ack 1116 win 64420}
>
> Tcpdump may be truncating the packets. Can you try with a larger snapshot
> length (e.g. -s 1500)? Are you using KLIPS or NETKEY? In the latter case,
> using tcpdump does not make much sense because of the way how NETKEY works.
>
> There could be an MTU problem. There are known problems with PMTU discovery
> in 2.6 kernels before 2.6.12, see also:
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#MTUproblems
>
>
> Jacco
The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient, please notify the sender immediately by reply e-mail and delete this message. Allied Vehicles cannot accept any responsibility for the accuracy or completeness of this message as it has been transmitted over a public network.
For details of our products and services please visit our website at www.alliedvehicles.co.uk
More information about the Users
mailing list