[Openswan Users] Problems with multiple VPN tunnels and RoadWarriors

Andrej Trobentar andrej.trobentar at rikom.si
Thu Sep 8 12:35:14 CEST 2005



John A. Sullivan III wrote:
>>
>>Here's my test :
>>
>>1) Only roadwarrior active
>>- "ping <internal server>" OK
>>- "ping -l 10240 <internal server>" OK
>>
>>Here's the trace :
>>13:39:02.049680 192.168.3.2 > 192.168.15.50: icmp: echo request
>>13:39:02.050144 192.168.15.50 > 192.168.3.2: icmp: echo reply
>>13:39:03.049816 192.168.3.2 > 192.168.15.50: icmp: echo request
>>13:39:03.050275 192.168.15.50 > 192.168.3.2: icmp: echo reply
>>13:39:04.054154 192.168.3.2 > 192.168.15.50: icmp: echo request
>>13:39:04.054622 192.168.15.50 > 192.168.3.2: icmp: echo reply
>>13:39:05.047823 192.168.3.2 > 192.168.15.50: icmp: echo request
>>13:39:05.048300 192.168.15.50 > 192.168.3.2: icmp: echo reply

Sorry, I posted the wrong trace. Here is the right one :

1) Only roadwarrior active (static tunnel down)

- "ping -n 3 -w 10000 -l 10240 <internal server>" OK

Trace on ppp0 interface :

10:58:04.756663 192.168.3.2 > 192.168.15.50: icmp: echo request (frag
2381:1376 at 0+)
10:58:05.210018 192.168.3.2 > 192.168.15.50: (frag 2381:1376 at 1376+)
10:58:05.664597 192.168.3.2 > 192.168.15.50: (frag 2381:1376 at 2752+)
10:58:06.118750 192.168.3.2 > 192.168.15.50: (frag 2381:1376 at 4128+)
10:58:06.601797 192.168.3.2 > 192.168.15.50: (frag 2381:1376 at 5504+)
10:58:07.019152 192.168.3.2 > 192.168.15.50: (frag 2381:1376 at 6880+)
10:58:07.471866 192.168.3.2 > 192.168.15.50: (frag 2381:1376 at 8256+)
10:58:07.655055 192.168.3.2 > 192.168.15.50: (frag 2381:616 at 9632)
10:58:07.657233 192.168.15.50 > 192.168.3.2: icmp: echo reply (frag
13018:1376 at 0+)
10:58:07.657248 192.168.15.50 > 192.168.3.2: (frag 13018:1376 at 1376+)
10:58:07.657260 192.168.15.50 > 192.168.3.2: (frag 13018:1376 at 2752+)
10:58:07.657271 192.168.15.50 > 192.168.3.2: (frag 13018:1376 at 4128+)
10:58:07.657273 192.168.15.50 > 192.168.3.2: (frag 13018:1376 at 5504+)
10:58:07.657330 192.168.15.50 > 192.168.3.2: (frag 13018:1376 at 6880+)
10:58:07.657354 192.168.15.50 > 192.168.3.2: (frag 13018:1376 at 8256+)
10:58:07.657620 192.168.15.50 > 192.168.3.2: (frag 13018:616 at 9632)
10:58:13.549765 192.168.3.2 > 192.168.15.50: icmp: echo request (frag
2392:1376 at 0+)
10:58:14.004687 192.168.3.2 > 192.168.15.50: (frag 2392:1376 at 1376+)
10:58:14.465837 192.168.3.2 > 192.168.15.50: (frag 2392:1376 at 2752+)
10:58:14.933238 192.168.3.2 > 192.168.15.50: (frag 2392:1376 at 4128+)
10:58:15.379927 192.168.3.2 > 192.168.15.50: (frag 2392:1376 at 5504+)
10:58:15.831569 192.168.3.2 > 192.168.15.50: (frag 2392:1376 at 6880+)
10:58:16.250586 192.168.3.2 > 192.168.15.50: (frag 2392:1376 at 8256+)
10:58:16.456438 192.168.3.2 > 192.168.15.50: (frag 2392:616 at 9632)
10:58:16.458610 192.168.15.50 > 192.168.3.2: icmp: echo reply (frag
13019:1376 at 0+)
10:58:16.458626 192.168.15.50 > 192.168.3.2: (frag 13019:1376 at 1376+)
10:58:16.458653 192.168.15.50 > 192.168.3.2: (frag 13019:1376 at 2752+)
10:58:16.458664 192.168.15.50 > 192.168.3.2: (frag 13019:1376 at 4128+)
10:58:16.458666 192.168.15.50 > 192.168.3.2: (frag 13019:1376 at 5504+)
10:58:16.458727 192.168.15.50 > 192.168.3.2: (frag 13019:1376 at 6880+)
10:58:16.458738 192.168.15.50 > 192.168.3.2: (frag 13019:1376 at 8256+)
10:58:16.458979 192.168.15.50 > 192.168.3.2: (frag 13019:616 at 9632)


Trace on ipsec0 interface :

11:08:10.527335 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 59: 192.168.3.2.1029 > 192.168.15.1.domain:
10729+[|domain]}
11:08:10.527620 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 134: 192.168.15.1.domain > 192.168.3.2.1029:  10729
NXDomain[|domain] (DF)} (DF)
11:08:10.761411 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 72: 192.168.3.2.1029 > 192.168.15.1.domain:
51691+[|domain]}
11:08:10.761940 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 161: 192.168.15.1.domain > 192.168.3.2.1029:  51691*[|domain] (DF)} (DF)
11:08:11.454528 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: icmp: echo
request (frag 2895:1376 at 0+)}
11:08:11.907202 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2895:1376 at 1376+)}
11:08:12.361858 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2895:1376 at 2752+)}
11:08:12.815708 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2895:1376 at 4128+)}
11:08:13.299623 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2895:1376 at 5504+)}
11:08:13.715742 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2895:1376 at 6880+)}
11:08:14.168075 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2895:1376 at 8256+)}
11:08:14.352820 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 637: 192.168.3.2 > 192.168.15.50: (frag
2895:616 at 9632)}
11:08:14.355266 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: icmp: echo reply (frag
13035:1376 at 0+)} (DF)
11:08:14.355373 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13035:1376 at 1376+)} (DF)
11:08:14.355524 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13035:1376 at 2752+)} (DF)
11:08:14.355630 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13035:1376 at 4128+)} (DF)
11:08:14.355753 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13035:1376 at 5504+)} (DF)
11:08:14.355858 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13035:1376 at 6880+)} (DF)
11:08:14.355961 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13035:1376 at 8256+)} (DF)
11:08:14.356060 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 637: 192.168.15.50 > 192.168.3.2: (frag 13035:616 at 9632)} (DF)
11:08:17.638776 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: icmp: echo
request (frag 2906:1376 at 0+)}
11:08:18.092453 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2906:1376 at 1376+)}
11:08:18.545142 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2906:1376 at 2752+)}
11:08:18.999619 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2906:1376 at 4128+)}
11:08:19.465229 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2906:1376 at 5504+)}
11:08:19.917615 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2906:1376 at 6880+)}
11:08:20.336312 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
2906:1376 at 8256+)}
11:08:20.537547 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 637: 192.168.3.2 > 192.168.15.50: (frag
2906:616 at 9632)}
11:08:20.542779 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: icmp: echo reply (frag
13036:1376 at 0+)} (DF)
11:08:20.542911 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13036:1376 at 1376+)} (DF)
11:08:20.543084 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13036:1376 at 2752+)} (DF)
11:08:20.543211 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13036:1376 at 4128+)} (DF)
11:08:20.543353 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13036:1376 at 5504+)} (DF)
11:08:20.543545 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13036:1376 at 6880+)} (DF)
11:08:20.543693 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: (frag 13036:1376 at 8256+)} (DF)
11:08:20.543818 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 637: 192.168.15.50 > 192.168.3.2: (frag 13036:616 at 9632)} (DF)


Everything looks OK.
Here comes the funny part now (test 2).


2) The roadwarrior tunnel up and the static tunnel up

- "ping -n 3 -w 10000 -l 10240 <internal server>"  FAILED ("Request
timed out" on Windows XP notebook)


Trace on ppp0 interface :

11:00:35.787590 192.168.3.2 > 192.168.15.50: icmp: echo request (frag
2585:1376 at 0+)
11:00:36.243428 192.168.3.2 > 192.168.15.50: (frag 2585:1376 at 1376+)
11:00:36.695949 192.168.3.2 > 192.168.15.50: (frag 2585:1376 at 2752+)
11:00:37.148897 192.168.3.2 > 192.168.15.50: (frag 2585:1376 at 4128+)
11:00:37.612016 192.168.3.2 > 192.168.15.50: (frag 2585:1376 at 5504+)
11:00:38.065546 192.168.3.2 > 192.168.15.50: (frag 2585:1376 at 6880+)
11:00:38.484157 192.168.3.2 > 192.168.15.50: (frag 2585:1376 at 8256+)
11:00:38.707614 192.168.3.2 > 192.168.15.50: (frag 2585:616 at 9632)
11:00:38.709779 192.168.15.50 > 192.168.3.2: icmp: echo reply (frag
13022:1376 at 0+)
11:00:38.709795 192.168.15.50 > 192.168.3.2: (frag 13022:1376 at 1376+)
11:00:38.709806 192.168.15.50 > 192.168.3.2: (frag 13022:1376 at 2752+)
11:00:38.709818 192.168.15.50 > 192.168.3.2: (frag 13022:1376 at 4128+)
11:00:38.709820 192.168.15.50 > 192.168.3.2: (frag 13022:1376 at 5504+)
11:00:38.710255 192.168.15.50 > 192.168.3.2: (frag 13022:1376 at 6880+)
11:00:38.710266 192.168.15.50 > 192.168.3.2: (frag 13022:1376 at 8256+)
11:00:38.710620 192.168.15.50 > 192.168.3.2: (frag 13022:616 at 9632)
11:00:47.195041 192.168.3.2 > 192.168.15.50: icmp: echo request (frag
2623:1376 at 0+)
11:00:47.647732 192.168.3.2 > 192.168.15.50: (frag 2623:1376 at 1376+)
11:00:48.102083 192.168.3.2 > 192.168.15.50: (frag 2623:1376 at 2752+)
11:00:48.557165 192.168.3.2 > 192.168.15.50: (frag 2623:1376 at 4128+)
11:00:49.019963 192.168.3.2 > 192.168.15.50: (frag 2623:1376 at 5504+)
11:00:49.474121 192.168.3.2 > 192.168.15.50: (frag 2623:1376 at 6880+)
11:00:49.894528 192.168.3.2 > 192.168.15.50: (frag 2623:1376 at 8256+)
11:00:50.086320 192.168.3.2 > 192.168.15.50: (frag 2623:616 at 9632)
11:00:50.089540 192.168.15.50 > 192.168.3.2: icmp: echo reply (frag
13023:1376 at 0+)
11:00:50.089557 192.168.15.50 > 192.168.3.2: (frag 13023:1376 at 1376+)
11:00:50.089586 192.168.15.50 > 192.168.3.2: (frag 13023:1376 at 2752+)
11:00:50.089618 192.168.15.50 > 192.168.3.2: (frag 13023:1376 at 4128+)
11:00:50.089620 192.168.15.50 > 192.168.3.2: (frag 13023:1376 at 5504+)
11:00:50.090261 192.168.15.50 > 192.168.3.2: (frag 13023:1376 at 6880+)
11:00:50.090272 192.168.15.50 > 192.168.3.2: (frag 13023:1376 at 8256+)
11:00:50.090727 192.168.15.50 > 192.168.3.2: (frag 13023:616 at 9632)

This looks OK to me, but I don't understand why the roadwarrior client
gets a "Request timed out". On the ipsec0 interface there's again the
"... 13 bytes missing! ..." error.


Trace on ipsec0 interface :

11:13:54.057019 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: icmp: echo
request (frag 3043:1376 at 0+)}
11:13:54.511383 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3043:1376 at 1376+)}
11:13:54.965166 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3043:1376 at 2752+)}
11:13:55.419800 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3043:1376 at 4128+)}
11:13:55.904027 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3043:1376 at 5504+)}
11:13:56.337434 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3043:1376 at 6880+)}
11:13:56.774118 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3043:1376 at 8256+)}
11:13:56.959407 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 637: 192.168.3.2 > 192.168.15.50: (frag
3043:616 at 9632)}
11:13:56.961839 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
icmp: echo reply (frag 13045:1376 at 0+)} (frag 18662:1400 at 0+)
11:13:56.961950 193.2.211.10 > 195.246.29.79: (frag 18662:13 at 1400)
11:13:56.961971 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13045:1376 at 1376+)} (frag 18663:1400 at 0+)
11:13:56.962050 193.2.211.10 > 195.246.29.79: (frag 18663:13 at 1400)
11:13:56.962094 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13045:1376 at 2752+)} (frag 18664:1400 at 0+)
11:13:56.962171 193.2.211.10 > 195.246.29.79: (frag 18664:13 at 1400)
11:13:56.962189 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13045:1376 at 4128+)} (frag 18665:1400 at 0+)
11:13:56.962266 193.2.211.10 > 195.246.29.79: (frag 18665:13 at 1400)
11:13:56.962283 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13045:1376 at 5504+)} (frag 18666:1400 at 0+)
11:13:56.962360 193.2.211.10 > 195.246.29.79: (frag 18666:13 at 1400)
11:13:56.962380 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13045:1376 at 6880+)} (frag 18667:1400 at 0+)
11:13:56.962459 193.2.211.10 > 195.246.29.79: (frag 18667:13 at 1400)
11:13:56.962476 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13045:1376 at 8256+)} (frag 18668:1400 at 0+)
11:13:56.962555 193.2.211.10 > 195.246.29.79: (frag 18668:13 at 1400)
11:13:56.962565 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 637: 192.168.15.50 > 192.168.3.2: (frag 13045:616 at 9632)} (DF)
11:14:05.253993 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: icmp: echo
request (frag 3054:1376 at 0+)}
11:14:05.748867 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3054:1376 at 1376+)}
11:14:06.163696 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3054:1376 at 2752+)}
11:14:06.617696 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3054:1376 at 4128+)}
11:14:07.098576 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3054:1376 at 5504+)}
11:14:07.515669 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3054:1376 at 6880+)}
11:14:07.966943 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3054:1376 at 8256+)}
11:14:08.156455 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 637: 192.168.3.2 > 192.168.15.50: (frag
3054:616 at 9632)}
11:14:08.159507 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: icmp: echo reply (frag
13046:1376 at 0+)} (DF)
11:14:08.159640 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13046:1376 at 1376+)} (frag 18669:1400 at 0+)
11:14:08.159731 193.2.211.10 > 195.246.29.79: (frag 18669:13 at 1400)
11:14:08.159778 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13046:1376 at 2752+)} (frag 18670:1400 at 0+)
11:14:08.159856 193.2.211.10 > 195.246.29.79: (frag 18670:13 at 1400)
11:14:08.159874 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13046:1376 at 4128+)} (frag 18671:1400 at 0+)
11:14:08.159967 193.2.211.10 > 195.246.29.79: (frag 18671:13 at 1400)
11:14:08.159990 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13046:1376 at 5504+)} (frag 18672:1400 at 0+)
11:14:08.160068 193.2.211.10 > 195.246.29.79: (frag 18672:13 at 1400)
11:14:08.160108 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13046:1376 at 6880+)} (frag 18673:1400 at 0+)
11:14:08.160186 193.2.211.10 > 195.246.29.79: (frag 18673:13 at 1400)
11:14:08.160203 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13046:1376 at 8256+)} (frag 18674:1400 at 0+)
11:14:08.160280 193.2.211.10 > 195.246.29.79: (frag 18674:13 at 1400)
11:14:08.160290 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 637: 192.168.15.50 > 192.168.3.2: (frag 13046:616 at 9632)} (DF)
11:14:16.266443 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: icmp: echo
request (frag 3065:1376 at 0+)}
11:14:16.721605 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3065:1376 at 1376+)}
11:14:17.176082 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3065:1376 at 2752+)}
11:14:17.629216 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3065:1376 at 4128+)}
11:14:18.097138 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3065:1376 at 5504+)}
11:14:18.548073 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3065:1376 at 6880+)}
11:14:18.967415 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 1397: 192.168.3.2 > 192.168.15.50: (frag
3065:1376 at 8256+)}
11:14:19.167092 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[L](60426/54288) {IP 637: 192.168.3.2 > 192.168.15.50: (frag
3065:616 at 9632)}
11:14:19.169500 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
icmp: echo reply (frag 13047:1376 at 0+)} (frag 18675:1400 at 0+)
11:14:19.169591 193.2.211.10 > 195.246.29.79: (frag 18675:13 at 1400)
11:14:19.169612 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13047:1376 at 1376+)} (frag 18676:1400 at 0+)
11:14:19.169691 193.2.211.10 > 195.246.29.79: (frag 18676:13 at 1400)
11:14:19.169735 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13047:1376 at 2752+)} (frag 18677:1400 at 0+)
11:14:19.169812 193.2.211.10 > 195.246.29.79: (frag 18677:13 at 1400)
11:14:19.169830 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13047:1376 at 4128+)} (frag 18678:1400 at 0+)
11:14:19.169909 193.2.211.10 > 195.246.29.79: (frag 18678:13 at 1400)
11:14:19.169926 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13047:1376 at 5504+)} (frag 18679:1400 at 0+)
11:14:19.170004 193.2.211.10 > 195.246.29.79: (frag 18679:13 at 1400)
11:14:19.170023 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13047:1376 at 6880+)} (frag 18680:1400 at 0+)
11:14:19.170102 193.2.211.10 > 195.246.29.79: (frag 18680:13 at 1400)
11:14:19.170120 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
(frag 13047:1376 at 8256+)} (frag 18681:1400 at 0+)
11:14:19.170198 193.2.211.10 > 195.246.29.79: (frag 18681:13 at 1400)
11:14:19.170208 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 637: 192.168.15.50 > 192.168.3.2: (frag 13047:616 at 9632)} (DF)
11:14:39.127128 193.2.211.10.l2tp > 195.246.29.79.l2tp:
l2tp:[TLS](6/0)Ns=8,Nr=4 *MSGTYPE(HELLO)  (DF)
11:14:39.295596 195.246.29.79.l2tp > 193.2.211.10.l2tp:
l2tp:[TLS](60426/0)Ns=4,Nr=9 ZLB


> <snip>
> Bizarre! At least we're getting closer. So we know it is a fragmentation
> problem.  However, what changes when the LAN-to-LAN tunnel is activated?
> Does it run any special updown script that manipulates fragments?

As seen from the ipsec.conf, there aren't any other scripts run when the
tunnel goes up.

> Let me see if I understand this trace correctly.  It mystifies me that
> the change appears to be on the client side.  So you first do a large
> ping without the LAN-to-LAN tunnel up.  Why does your trace not show the
> fragments? 

I made a mistake in my previous post and posted the wrong trace, sorry.
Any other ideas maybe?

--
Thanks,

	Andrej.
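
As an added illustration (not part of the original message): a small Python script that rejoins the wrapped tcpdump lines from the ipsec0 traces above and reports which outer L2TP packets left whole with DF set and which were IP-fragmented on the outer header, as in the 1400 + 13 byte pairs of test 2. The function names are hypothetical; the sample is a short excerpt of the traces in this post.

```python
import re

# Excerpt of the ipsec0 traces in this post, wrapped as in the mail.
SAMPLE = """\
11:08:14.355266 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1397: 192.168.15.50 > 192.168.3.2: icmp: echo reply (frag
13035:1376 at 0+)} (DF)
11:13:56.961839 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 1384: truncated-ip - 13 bytes missing!192.168.15.50 > 192.168.3.2:
icmp: echo reply (frag 13045:1376 at 0+)} (frag 18662:1400 at 0+)
11:13:56.961950 193.2.211.10 > 195.246.29.79: (frag 18662:13 at 1400)
11:13:56.962565 193.2.211.10.l2tp > 195.246.29.79.l2tp:  l2tp:[L](6/1)
{IP 637: 192.168.15.50 > 192.168.3.2: (frag 13045:616 at 9632)} (DF)
"""

TS = re.compile(r"^\d\d:\d\d:\d\d\.\d{6} ")
HOSTS = re.compile(r"^(\S+) (\d+\.\d+\.\d+\.\d+)(?:\.[\w-]+)? > "
                   r"(\d+\.\d+\.\d+\.\d+)(?:\.[\w-]+)?:")
FRAG = re.compile(r"\(frag (\d+):(\d+) at (\d+)\+?\)")
INNER = re.compile(r"\{IP (\d+):(?: truncated-ip - (\d+) bytes missing!)?")

def join_records(text):
    """Rejoin mail-wrapped lines: a record starts at each timestamp."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_record(rec):
    hosts = HOSTS.match(rec)
    if not hosts:
        return None
    outer = re.sub(r"\{.*\}", "", rec)  # drop the decoded inner packet
    frag = FRAG.search(outer)           # fragmentation of the OUTER IP packet
    inner = INNER.search(rec)
    return {
        "flow": (hosts.group(2), hosts.group(3)),
        "df": outer.rstrip().endswith("(DF)"),
        "frag": tuple(int(x) for x in frag.groups()) if frag else None,
        # length tcpdump decoded plus the bytes it reports as missing
        "inner_total": int(inner.group(1)) + int(inner.group(2) or 0) if inner else None,
    }

def outer_fragmentation(text):
    whole_df, datagrams = 0, {}
    for p in filter(None, map(parse_record, join_records(text))):
        if p["frag"] is None:
            whole_df += p["df"]         # sent in one piece with DF set
            continue
        ident, length, offset = p["frag"]
        d = datagrams.setdefault(p["flow"] + (ident,),
                                 {"id": ident, "pieces": [], "inner_total": None})
        d["pieces"].append((offset, length))
        d["inner_total"] = d["inner_total"] or p["inner_total"]
    report = []
    for d in datagrams.values():
        payload = max(off + ln for off, ln in d["pieces"])  # outer IP payload
        inner = d["inner_total"]
        report.append({"id": d["id"], "pieces": [ln for _, ln in sorted(d["pieces"])],
                       "payload": payload, "inner_total": inner,
                       # encapsulation bytes in front of the inner IP packet
                       "overhead": payload - inner if inner else None})
    return {"whole_df": whole_df, "fragmented": report}

if __name__ == "__main__":
    print(outer_fragmentation(SAMPLE))
```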


