[Openswan Users] Problems with multiple VPN tunnels and RoadWarriors

Andrej Trobentar andrej.trobentar at rikom.si
Wed Sep 7 14:49:46 CEST 2005


John A. Sullivan III wrote:
>
> Ah, interesting.  So I wonder if the problem is large file transfers or
> large packets.  You said that you could successfully ping.  What happens
> if you ping with a large packet size (ping -s or -l depending on your
> OS)? Do you break immediately? - John

Hello John,

First of all many thanks for your fast help!

Here's my test:

1) Only roadwarrior active
- "ping <internal server>" OK
- "ping -l 10240 <internal server>" OK

Here's the trace:
13:39:02.049680 192.168.3.2 > 192.168.15.50: icmp: echo request
13:39:02.050144 192.168.15.50 > 192.168.3.2: icmp: echo reply
13:39:03.049816 192.168.3.2 > 192.168.15.50: icmp: echo request
13:39:03.050275 192.168.15.50 > 192.168.3.2: icmp: echo reply
13:39:04.054154 192.168.3.2 > 192.168.15.50: icmp: echo request
13:39:04.054622 192.168.15.50 > 192.168.3.2: icmp: echo reply
13:39:05.047823 192.168.3.2 > 192.168.15.50: icmp: echo request
13:39:05.048300 192.168.15.50 > 192.168.3.2: icmp: echo reply


2) Roadwarrior active, static tunnel active
- "ping <internal server>" OK
- "ping -l 10240 <internal server>" FAILED

Here's the trace:
13:39:10.827497 192.168.3.2 > 192.168.15.50: icmp: echo request (frag 16076:1376 at 0+)
13:39:11.275483 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 1376+)
13:39:11.730919 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 2752+)
13:39:12.184639 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 4128+)
13:39:12.653270 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 5504+)
13:39:13.100017 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 6880+)
13:39:13.530420 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 8256+)
13:39:13.743678 192.168.3.2 > 192.168.15.50: (frag 16076:616 at 9632)


So it has something to do with the size. The static tunnel works without
problems (even large pings). Any other ideas? Please tell me if you need
any more info.

--
Greetings from Slovenia,

	Andrej.
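
An added example, not part of the original message: a small Python parser for the fragment notation in the second trace above, checking whether the captured fragments make up one complete datagram and whether any echo reply was seen. The function name `summarize` and its report layout are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Case 2 trace copied from the message above (wrapped first line joined).
TRACE = """\
13:39:10.827497 192.168.3.2 > 192.168.15.50: icmp: echo request (frag 16076:1376 at 0+)
13:39:11.275483 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 1376+)
13:39:11.730919 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 2752+)
13:39:12.184639 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 4128+)
13:39:12.653270 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 5504+)
13:39:13.100017 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 6880+)
13:39:13.530420 192.168.3.2 > 192.168.15.50: (frag 16076:1376 at 8256+)
13:39:13.743678 192.168.3.2 > 192.168.15.50: (frag 16076:616 at 9632)
"""

# "(frag <ip id>:<bytes> at <offset>[+])"; a trailing "+" means more fragments follow.
FRAG = re.compile(r"^\S+ (\S+) > (\S+): .*\(frag (\d+):(\d+) at (\d+)(\+?)\)")
ICMP_HEADER = 8  # bytes of ICMP echo header carried in the first fragment


def summarize(trace):
    """Return (per-datagram report, number of echo replies seen) for a trace."""
    groups = defaultdict(list)
    replies = 0
    for line in trace.splitlines():
        if "echo reply" in line:
            replies += 1
        m = FRAG.match(line)
        if m:
            src, dst, ip_id, size, off, more = m.groups()
            groups[(src, dst, int(ip_id))].append((int(off), int(size), more == "+"))
    report = {}
    for key, frags in groups.items():
        frags.sort()
        end, contiguous = 0, True
        for off, size, _ in frags:
            contiguous = contiguous and off == end  # a gap or overlap breaks reassembly
            end = off + size
        last_seen = not frags[-1][2]  # final fragment has "more fragments" cleared
        report[key] = {"fragments": len(frags), "ip_payload": end,
                       "icmp_data": end - ICMP_HEADER,
                       "complete": contiguous and last_seen}
    return report, replies


if __name__ == "__main__":
    print(summarize(TRACE))
```

On the case 2 trace this reports eight fragments carrying 10248 bytes (the 10240-byte ping payload plus the 8-byte ICMP header), a complete echo request, and no echo reply.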
