[Openswan Users] Traffic through OpenSwan tunnels crashes windows servers

Frank Weis Frank.Weis at cte.lu
Thu May 11 16:02:59 CEST 2006


Hi all,

I have an extremely weird problem with IPsec tunnels in Devil-Linux:

I have two sites that are linked LAN-2-LAN by an IPSec tunnel that runs on 
dedicated Linux firewalls.

I have upgraded the two firewalls  from gibraltar 
to Devil-Linux-1.2.9 (Gibraltar had Freeswan 2.0.4, DL has Openswan 2.4.4)

When I try to establish a TCP connection to any windows server (2k, 2k3), the 
server restarts immediately (bluescreen, complaining about TCPIP.SYS error, 
and reboots).

Connections that go through the DL firewall but not the ipsec tunnel
to the same ports on the same servers (either plainly routed throuh the 
firewall, or with DNAT) are fine. Pinging the servers through the ipsec 
tunnels is fine also. 

When I revert one end of the tunnel back to Gibraltar/FreeSWan-2.0.4, the 
servers on _that end_ of the tunnel are safe. The other side's servers are 
still showing the problems....

The crashing can be triggered either by normal windows clients trying to 
connect to the server, or by a linux client that does 'telnet x.y.z.t 25' to 
the server. 

Obviously the windows servers are seriously flawed, they shouldn't reboot even 
IF the packet they receive were bogous. Unfortunately I don't have control 
over these servers, and the people who do keep saying that my new firewalls 
cause all the trouble.....



I am really desperate with this one, so if anybody has any hints, I'd be very 
grateful.

Thanks 

Frank


More information about the Users mailing list