[Openswan Users] Help with Strange Problem after Freeswan to Openswan upgrade

Potato Chip jc-openswan at jline.com
Tue May 30 12:01:43 CEST 2006


Can someone see anything wrong with this tcpdump output? I am simply
trying to create a remote desktop session from wbox.jline.com to
10.10.3.6, however, the connection is never made. However, I can connect
fine from 10.10.3.6 to wbox.jline.com without a problem. As far as I can
tell the route is symmetric.

This tcpdump was taken from an openswan ipsec gateway sitting between
the 2 XP machines. A quick description of the network looks like this:

Wbox.jline.com <-> openswan 2.6 ipsec gateway <-- internet --> openswan
2.6 ipsec gateway (tcpdump taken here) <-> 10.10.3.6

reading from file dump3.tcpout, link-type EN10MB (Ethernet)
03:23:46.540229 IP wbox.jline.com.2035 > 10.10.3.6.3389: S
3135479979:3135479979(0) win 65535 <mss 1460,nop,nop,sackOK>
03:23:46.540710 IP 10.10.3.6.3389 > wbox.jline.com.2035: S
3719101154:3719101154(0) ack 3135479980 win 16384 <mss
1460,nop,nop,sackOK>
03:23:46.627280 IP wbox.jline.com.2035 > 10.10.3.6.3389: . ack 1 win
65535
03:23:46.630280 IP wbox.jline.com.2035 > 10.10.3.6.3389: P 1:37(36) ack
1 win 65535
03:23:46.630647 IP 10.10.3.6.3389 > wbox.jline.com.2035: P 1:12(11) ack
37 win 65499
03:23:46.717606 IP wbox.jline.com.2035 > 10.10.3.6.3389: P 37:449(412)
ack 12 win 65524
03:23:46.719201 IP 10.10.3.6.3389 > wbox.jline.com.2035: P 12:1402(1390)
ack 449 win 65087
03:23:49.135405 IP wbox.jline.com.2035 > 10.10.3.6.3389: P 37:449(412)
ack 12 win 65524
03:23:49.136884 IP 10.10.3.6.3389 > wbox.jline.com.2035: . ack 449 win
65087
03:23:49.163614 IP 10.10.3.6.3389 > wbox.jline.com.2035: P 12:1402(1390)
ack 449 win 65087
03:23:54.193960 IP 10.10.3.6.3389 > wbox.jline.com.2035: P 12:1402(1390)
ack 449 win 65087
03:24:04.145356 IP 10.10.3.6.3389 > wbox.jline.com.2035: P 12:1402(1390)
ack 449 win 65087
03:24:16.526810 IP wbox.jline.com.2035 > 10.10.3.6.3389: P 449:458(9)
ack 12 win 65524
03:24:16.529557 IP wbox.jline.com.2035 > 10.10.3.6.3389: F 458:458(0)
ack 12 win 65524
03:24:16.529925 IP 10.10.3.6.3389 > wbox.jline.com.2035: . ack 459 win
65078
03:24:16.529952 IP 10.10.3.6.3389 > wbox.jline.com.2035: R 1402:1402(0)
ack 459 win 0
03:24:16.607626 IP wbox.jline.com.2035 > 10.10.3.6.3389: . ack 12 win
65524
03:24:16.607992 IP 10.10.3.6.3389 > wbox.jline.com.2035: R
3719101166:3719101166(0) win 0

I have seen reports of MTU issues, but I am able to successfully ping
forward and back ping packets from 40 bytes to 10,000 byte sizes without
problem. 

My freeswan network worked perfectly for many years. However, now, with
2.6 ipsec and openswan, I am having problems I have never encountered
before. I could really use someone else's eyes and help!

Failure to establish this remote desktop connection is just one problem
symptom, among a host of strange problems I am having. However, I am
hoping to isolate and solve this one failure to shed light on what the
other problems might be.

If anyone can advise on further tests, ideas, etc., please let me know.
I appreciate the help!

Jae



More information about the Users mailing list