[Openswan Users] L2TP / IPSEC (certificate) with Cisco Systems, Inc./VPN 3000 Concentrator
Dick
dm at chello.nl
Sat Dec 9 08:46:09 EST 2006
Hi All,
I've had some communication with Jacco de Leeuw about my Cisco 3000 Concentrator
troubles. I've learned a lot, ignoring unknown Vendor ID payload
[4048b7d56ebce88525e7de7f00d6c2d3c0000000] is about (echo -n
'FRAGMENTATION'|md5sum gives: 4048b7d56ebce88525e7de7f00d6c2d3) and fixed most
of the ipsec barf warnings.
I think my problem is related to the fragmentation, the Concentrator is crying
(by icmp) about timed out fragments.
On wiki.openswan.org
(http://wiki.openswan.org/index.php/Openswan/DebuggingTcpdump) I've found the
following statement: "Note that Linux sends the fragments *BEFORE* the initial
fragment." which could explain why my connection is working from Windows but
isn't working from Linux (there could be a crappy router in between). But my
tests didn't confirm this behaviour (or is openswan playing a fragmentation
trick?)
Fragmented ping seems to reply fine, maybe it is UDP related...
I hope someone knows what I might be doing wrong.
Thanks in advance,
Dick
More information about the Users
mailing list