[Openswan Users] Ipsec: tcpdump vs pmtu 1446 (Tunnel 3des/md5-96).

Vincent Tamet vincent.tamet at ilimit.net
Tue Feb 8 10:59:40 EST 2011


Hi,
I sent this mail to the dev 10 days ago, without an answer for now.

I'm trying to understand why the MTU in my test tunnel is 1446. (I have the same between two Ciscos.)
I have run tcpdump -E and used the RFC to identify each byte in the trace, so I can't understand why the PMTU is 4 bytes lower than I expect.

3DES seems to use the IV size of simple DES. I did a lot of dumps to verify the identification of the padding (size of the ping), and switched to AES to verify the byte identification.

Does tcpdump -E erase the Auth Pad, or another thing? I must be missing something, but what?




The 2 linux-box are in the same ethernet lan.

Mode Tunnel: 3des/md5-96

My interpretation:
   MTU     IP SPI SN  IV  Data   Pad PL  NH  AUTH
  1500    -20 -4 -4 -( 8    x )  -0  -1  -1  -12  = 1450

The PMTU from a "ping -M do -s 1472" gives me 1446, why!?


Best regards

Vincent Tamet.
OSG[PCQ]

PS: The dump is from a lan to internet configuration, but it's the same results.
-----------------------------------------------------------------------------
* ping 192.168.3.1 -c 1 -s 2
17:25:56.555463 00:06:5b:8a:a4:2b > 00:24:14:d9:f1:90, ethertype IPv4 (0x0800), length 44: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 30)
    192.168.2.5 > 192.168.3.1: ICMP echo request, id 46448, seq 1, length 10
        0x0000:  4500 001e 0000 4000 4001 b488 c0a8 0205  E.....@.@.......
        0x0010:  c0a8 0301 0800 428d b570 0001 0001       ......B..p....
-----------------------------------------------------------------------------
16:25:59.221603 08:1f:f3:e7:0e:65 > 00:23:7d:fd:bb:04, ethertype IPv4 (0x0800), length 94: (tos 0x0, ttl 253, id 1992, offset 0, flags [DF], proto ESP (50), length 80) xx.xx.1.136 > 10.0.0.2: ESP(spi=0xdb14b228,seq=0x8), length 60
        0x0000:  4500 0050 07c8 4000 fd32 19cc 505e 0188  E..P..@..2..P^..
        0x0010:  0a00 0002 db14 b228 0000 0008 5957 445a  .......(....YWDZ
        0x0020:  5dcd 42b4 4500 001e 0000 4000 3f01 b588  ].B.E.....@.?...
        0x0030:  c0a8 0205 c0a8 0301 0800 428d b570 0001  ..........B..p..
        0x0040:  0001 0004 58c2 f376 69fa ede5 2584 f199  ....X..vi...%...
-----------------------------------------------------------------------------
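
Added example, not part of the original post: the ESP tunnel-mode byte accounting from the message, with the RFC 4303 rule that the encrypted part (inner packet + padding + pad length + next header) must fill whole cipher blocks. It assumes an IPv4 outer header without options, no NAT-T UDP encapsulation, and the standard sizes for 3DES-CBC (8-byte IV and block), AES-CBC (16-byte IV and block) and a 96-bit ICV; the function names are illustrative.

```python
# Added example: ESP tunnel-mode size accounting (RFC 4303 layout).
# Sizes below are assumptions from the algorithm definitions, not values
# read from the poster's configuration.

OUTER_IP = 20      # outer IPv4 header without options
ESP_HEADER = 8     # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)


def pad_len(inner_len, block):
    """Padding needed so inner packet + pad + trailer fills whole cipher blocks."""
    return -(inner_len + ESP_TRAILER) % block


def outer_len(inner_len, iv=8, block=8, icv=12):
    """Total length of the outer IP packet carrying one inner packet."""
    ciphertext = inner_len + pad_len(inner_len, block) + ESP_TRAILER
    return OUTER_IP + ESP_HEADER + iv + ciphertext + icv


def max_inner(link_mtu, iv=8, block=8, icv=12):
    """Largest inner packet whose ESP encapsulation still fits link_mtu."""
    room = link_mtu - OUTER_IP - ESP_HEADER - iv - icv  # bytes left for ciphertext
    room -= room % block                                 # only whole blocks are usable
    return room - ESP_TRAILER


if __name__ == "__main__":
    # 30-byte inner packet from the dump above ("ping -s 2"): IP length 80, no padding
    print("inner 30 -> outer", outer_len(30), "pad", pad_len(30, 8))
    for name, iv, block in (("3des", 8, 8), ("aes-cbc", 16, 16)):
        print(name, "max inner packet:", max_inner(1500, iv, block))
    # One byte over the limit costs a whole extra cipher block on the wire
    print("1446 ->", outer_len(1446), " 1447 ->", outer_len(1447))
```

With these sizes, 1500 - 20 - 8 - 8 - 12 leaves 1452 bytes for ciphertext, of which only 1448 (181 blocks of 8) are usable, so the largest inner packet is 1448 - 2 = 1446.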

