Traffic through OpenSwan tunnels crashes windows servers
Frank.Weis at cte.lu
Thu May 11 16:02:59 CEST 2006
I have an extremely weird problem with IPsec tunnels in Devil-Linux:
I have two sites that are linked LAN-2-LAN by an IPSec tunnel that runs on
dedicated Linux firewalls.
I have upgraded the two firewalls from gibraltar
to Devil-Linux-1.2.9 (Gibraltar had Freeswan 2.0.4, DL has Openswan 2.4.4)
When I try to establish a TCP connection to any windows server (2k, 2k3), the
server restarts immediately (bluescreen, complaining about TCPIP.SYS error,
Connections that go through the DL firewall but not the ipsec tunnel
to the same ports on the same servers (either plainly routed throuh the
firewall, or with DNAT) are fine. Pinging the servers through the ipsec
tunnels is fine also.
When I revert one end of the tunnel back to Gibraltar/FreeSWan-2.0.4, the
servers on _that end_ of the tunnel are safe. The other side's servers are
still showing the problems....
The crashing can be triggered either by normal windows clients trying to
connect to the server, or by a linux client that does 'telnet x.y.z.t 25' to
Obviously the windows servers are seriously flawed, they shouldn't reboot even
IF the packet they receive were bogous. Unfortunately I don't have control
over these servers, and the people who do keep saying that my new firewalls
cause all the trouble.....
I am really desperate with this one, so if anybody has any hints, I'd be very
More information about the Users