[Openswan Users] Problems with multiple VPN tunnels and RoadWarriors

Andrej Trobentar andrej.trobentar at rikom.si
Wed Sep 7 11:53:49 CEST 2005



John A. Sullivan III wrote:
>
> A little more information would be helpful. Have you done a packet trace to see where the connectivity is
> breaking? 

Here's another session log from ipsec0 interface :

1) Without the static tunnel up
- doing a "ls -alRh /" on internal host (server.rikom)

10:42:19.557694 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1122 > 192.168.15.50.ssh: P
9308:9360(52) ack 28861 win 9220 (DF)}
10:42:19.558008 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 41: 192.168.15.50.ssh > 192.168.3.2.1122: . ack 9360 win 10720 (DF)
[tos 0x10] } (DF)
10:42:19.558349 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 93: 192.168.15.50.ssh > 192.168.3.2.1122: P 28861:28913(52) ack 9360
win 10720 (DF) [tos 0x10] } (DF)
10:42:19.562001 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 109: 192.168.15.50.ssh > 192.168.3.2.1122: P 28913:28981(68) ack
9360 win 10720 (DF) [tos 0x10] } (DF)
10:42:19.562956 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 157: 192.168.15.50.ssh > 192.168.3.2.1122: P 28981:29097(116) ack
9360 win 10720 (DF) [tos 0x10] } (DF)
10:42:19.837536 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1122 > 192.168.15.50.ssh: P
9360:9412(52) ack 28913 win 9168 (DF)}
10:42:19.838123 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 1401: 192.168.15.50.ssh > 192.168.3.2.1122: . 29097:30457(1360) ack
9412 win 10720 (DF) [tos 0x10] } (DF)
10:42:19.838271 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 1401: 192.168.15.50.ssh > 192.168.3.2.1122: . 30457:31817(1360) ack
9412 win 10720 (DF) [tos 0x10] } (DF)
10:42:19.907251 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1122 > 192.168.15.50.ssh: P
9412:9464(52) ack 28981 win 9100 (DF)}
10:42:19.907715 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 1401: 192.168.15.50.ssh > 192.168.3.2.1122: . 31817:33177(1360) ack
9464 win 10720 (DF) [tos 0x10] } (DF)
10:42:19.907850 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 1401: 192.168.15.50.ssh > 192.168.3.2.1122: . 33177:34537(1360) ack
9464 win 10720 (DF) [tos 0x10] } (DF)
10:42:20.007133 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1122 > 192.168.15.50.ssh: P
9464:9516(52) ack 29097 win 8984 (DF)}
10:42:20.007603 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 1401: 192.168.15.50.ssh > 192.168.3.2.1122: . 34537:35897(1360) ack
9516 win 10720 (DF) [tos 0x10] } (DF)
10:42:20.007739 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 1401: 192.168.15.50.ssh > 192.168.3.2.1122: . 35897:37257(1360) ack
9516 win 10720 (DF) [tos 0x10] } (DF)
10:42:20.387556 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1122 > 192.168.15.50.ssh: P
9516:9568(52) ack 30457 win 9520 (DF)}
10:42:20.388049 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 1401: 192.168.15.50.ssh > 192.168.3.2.1122: . 37257:38617(1360) ack
9568 win 10720 (DF) [tos 0x10] } (DF)
10:42:20.388188 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 1401: 192.168.15.50.ssh > 192.168.3.2.1122: . 38617:39977(1360) ack
9568 win 10720 (DF) [tos 0x10] } (DF)


As soon as I put the static tunnel up (and ping a host on the other end)
the log gets like this:

2) With the static tunnel up
- doing a "ls -alRh /" on internal host (server.rikom)

10:46:05.727869 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1123 > 192.168.15.50.ssh: P
21088:21140(52) ack 66107 win 9520 (DF)}
10:46:05.787735 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1123 > 192.168.15.50.ssh: P
21140:21192(52) ack 66107 win 9520 (DF)}
10:46:05.788046 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 41: 192.168.15.50.ssh > 192.168.3.2.1123: . ack 21192 win 10720 (DF)
[tos 0x10] } (DF)
10:46:05.838172 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1123 > 192.168.15.50.ssh: P
21192:21244(52) ack 66107 win 9520 (DF)}
10:46:05.886957 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1123 > 192.168.15.50.ssh: P
21244:21296(52) ack 66107 win 9520 (DF)}
10:46:05.927659 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1123 > 192.168.15.50.ssh: P
21296:21348(52) ack 66107 win 9520 (DF)}
10:46:05.928105 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 41: 192.168.15.50.ssh > 192.168.3.2.1123: . ack 21348 win 10720 (DF)
[tos 0x10] } (DF)
10:46:05.977842 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1123 > 192.168.15.50.ssh: P
21348:21400(52) ack 66107 win 9520 (DF)}
10:46:06.057516 195.246.28.67.l2tp > 193.2.211.10.l2tp:
l2tp:[L](58959/38422) {IP 93: 192.168.3.2.1123 > 192.168.15.50.ssh: P
21400:21452(52) ack 66107 win 9520 (DF)}
10:46:06.057892 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 41: 192.168.15.50.ssh > 192.168.3.2.1123: . ack 21452 win 10720 (DF)
[tos 0x10] } (DF)
10:46:11.949561 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 1384: truncated-ip - 17 bytes missing!192.168.15.50.ssh >
192.168.3.2.1123: . 66107:67467(1360) ack 21452 win 10720 (DF) [tos
0x10] } (frag 35299:1400 at 0+)
10:46:11.949664 193.2.211.10 > 195.246.28.67: (frag 35299:17 at 1400)
10:46:24.690026 193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1)
{IP 1384: truncated-ip - 17 bytes missing!192.168.15.50.ssh >
192.168.3.2.1123: . 66107:67467(1360) ack 21452 win 10720 (DF) [tos
0x10] } (frag 35300:1400 at 0+)
10:46:24.690129 193.2.211.10 > 195.246.28.67: (frag 35300:17 at 1400)


Notice the "... truncated-ip - 17 bytes missing!..." errors. Any ideas?


--
Greetings,

	Andrej.

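An added example, not part of the original post: a short Python script that reads the four fragment lines of the second capture, groups them by IP ID, and checks that the 17 bytes tcpdump reports as missing are the bytes carried in the trailing fragment, and that the same TCP segment (66107:67467) is sent again in a second datagram. The function names are hypothetical; the trace lines are taken from the post with the mail line wraps joined.

```python
import re
from collections import defaultdict

# The four fragment lines from the second capture in the post, with the
# mail line wraps joined back into one tcpdump line each.
HEAD = ("193.2.211.10.l2tp > 195.246.28.67.l2tp:  l2tp:[L](10/1) {IP 1384: "
        "truncated-ip - 17 bytes missing!192.168.15.50.ssh > 192.168.3.2.1123: "
        ". 66107:67467(1360) ack 21452 win 10720 (DF) [tos 0x10] } ")
TRACE = "\n".join([
    "10:46:11.949561 " + HEAD + "(frag 35299:1400 at 0+)",
    "10:46:11.949664 193.2.211.10 > 195.246.28.67: (frag 35299:17 at 1400)",
    "10:46:24.690026 " + HEAD + "(frag 35300:1400 at 0+)",
    "10:46:24.690129 193.2.211.10 > 195.246.28.67: (frag 35300:17 at 1400)",
])

# (frag id:size@offset[+]); the archived post shows " at " in place of "@".
FRAG = re.compile(r"\(frag (\d+):(\d+)(?:@| at )(\d+)(\+?)\)")
TRUNC = re.compile(r"truncated-ip - (\d+) bytes missing")
TCPSEG = re.compile(r" (\d+):(\d+)\(\d+\) ack")

def analyse(trace):
    """Group fragments by IP ID and check that each datagram reassembles."""
    grams = defaultdict(lambda: {"frags": [], "missing": None, "seq": None})
    for line in trace.splitlines():
        f = FRAG.search(line)
        if not f:
            continue
        g = grams[f.group(1)]
        g["frags"].append((int(f.group(3)), int(f.group(2)), f.group(4) == "+"))
        if (t := TRUNC.search(line)):
            g["missing"] = int(t.group(1))
        if (s := TCPSEG.search(line)):
            g["seq"] = (int(s.group(1)), int(s.group(2)))
    report = {}
    for ident, g in grams.items():
        frags, end, contiguous = sorted(g["frags"]), 0, True
        for offset, size, _more in frags:
            contiguous = contiguous and offset == end
            end = offset + size
        report[ident] = {
            "ip_payload": end,  # outer IP payload bytes after reassembly
            "complete": contiguous and not frags[-1][2],  # no gap, last has no MF
            # bytes tcpdump reports missing == bytes carried by later fragments
            "missing_in_tail": g["missing"] == sum(n for _, n, _ in frags[1:]),
            "seq": g["seq"],
        }
    return report

def retransmitted(report):
    """TCP sequence ranges that appear in more than one outer datagram."""
    seen = defaultdict(list)
    for ident, r in report.items():
        if r["seq"]:
            seen[r["seq"]].append(ident)
    return {seq: ids for seq, ids in seen.items() if len(ids) > 1}
```
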

