[Openswan Users] missing packets

Alonso Manilla alonso.manilla at gmail.com
Thu May 9 17:56:24 UTC 2013


Hi,

I have a vpn up from a linux (ubuntu 12.04 kernel 3.2) to a stonegate
provider with this ipsec.conf:

################ /etc/ipsec.conf ###################
version 2.0
config setup
        plutoopts="--perpeerlog"
        dumpdir=/var/run/pluto/
        nat_traversal=yes
        virtual_private=%v4:128.9.0.0/16,%v4:172.XX.XX.XX/32
        oe=off
        protostack=netkey
        plutostderrlog=/var/log/debug/pluto.log
        interfaces=%defaultroute
conn burocredito
        type=tunnel
######### ubuntu
        left=85.YY.YYY.YYY
        leftsubnet=172.XX.XX.XX/32
        leftnexthop=%defaultroute
######### stonegate
        right=200.76.208.137
        rightid=128.100.100.1
        rightsubnet=128.9.0.0/16
        rightnexthop=%defaultroute
        pfs=yes
        auto=start
        ike=3des-md5;modp1024
        keylife=60m
        authby=secret
        ikelifetime=1440m
        esp=3des-md5
        compress=no
        forceencaps=yes


I send a ping and it's OK, but when I send telnet info I lose the answer
from the stonegate.

Using tcpdump I can see the data (XML for web services) is there, but I can't
forward it to the browser (web services) or to the console (telnet). This is what I get:

11:49:33.139349 IP 128.9.55.102.9080 > 172.XX.XX.XX.53442: Flags [.], ack
1939285834, win 54, options [nop,nop,TS val 3424378112 ecr 26675747],
length 0
E..4.. at .>.... 7f...
#x....|.s.'J...6.......
......
#
11:49:36.687277 IP 128.9.55.102.9080 > 172.XX.XX.XX.53464: Flags [S.], seq
3217152997, ack 1868879689, win 5792, options [mss 1460,sackOK,TS val
3424381659 ecr 26676634,nop,wscale 7], length 0
E..<.. at .>..,. 7f...
#x......od.I....%..........
......
11:49:36.871684 IP 128.9.55.102.9080 > 172.XX.XX.XX.53464: Flags [.], ack
183, win 54, options [nop,nop,TS val 3424381818 ecr 26676674], length 0
E..40. at .>.... 7f...
#x......od.....6i......
...z..
11:49:37.010269 IP 128.9.55.102.9080 > 172.XX.XX.XX.53464: Flags [P.], seq
1449:2381, ack 183, win 54, options [nop,nop,TS val 3424381862 ecr
26676674], length 932
E...0. at .>.... 7f...
#x......od.....6.......
.tput message="tns:consultaXMLResponse">
    </output>
    </operation>
  </portType>
  <binding name="WSConsultaPortBinding" type="tns:WSConsultaDelegate">
    <soap:binding style="document" transport="
http://schemas.xmlsoap.org/soap/http"/>
    <operation name="consultaCC">
      <soap:operation soapAction=""/>
      <input>
        <soap:body use="literal"/>
      </input>
      <output>
        <soap:body use="literal"/>
      </output>
    </operation>
    <operation name="consultaXML">
      <soap:operation soapAction=""/>
      <input>
        <soap:body use="literal"/>
      </input>
      <output>
        <soap:body use="literal"/>
      </output>
    </operation>
  </binding>
  <service name="WSConsultaService">
    <port name="WSConsultaPort" binding="tns:WSConsultaPortBinding">
      <soap:address location="
http://128.9.55.102:9080/WSConsultaBCC/WSConsultaService"/>
    </port>
  </service>
</definitions>


11:49:37.010488 IP 128.9.55.102.9080 > 172.XX.XX.XX.53464: Flags [FP.], seq
2381:2386, ack 183, win 54, options [nop,nop,TS val 3424381864 ecr
26676674], length 5
E..90. at .>.... 7f...
#x.....2od.....6.......
.0....


11:50:06.868990 IP 128.9.55.102.9080 > 172.XX.XX.XX.53464: Flags [.], ack
184, win 54, options [nop,nop,TS val 3424411845 ecr 26684178], length 0
E..40. at .>.... 7f...
#x.....8od.....6.......
..`...+.


I just tried with iptables (I'm not an expert) to forward, but I don't know what else
I need to make it work.


Can you help me please to find a solution?

--
Alonso Manilla
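
A check that can be run on the capture above (an added example, not part of the original post): it walks the tcpdump header lines of the port-53464 flow and reports ranges of relative sequence numbers that never appear. The name `find_gaps` and the re-joined sample lines are constructed for illustration, and the code assumes tcpdump's default relative sequence numbering (no -S).

```python
import re

# Constructed sample: header lines of the flow to port 53464, re-joined from the
# wrapped capture in the post (TCP options and payload dump lines left out).
CAPTURE = """\
11:49:36.687277 IP 128.9.55.102.9080 > 172.XX.XX.XX.53464: Flags [S.], seq 3217152997, ack 1868879689, win 5792, length 0
11:49:36.871684 IP 128.9.55.102.9080 > 172.XX.XX.XX.53464: Flags [.], ack 183, win 54, length 0
11:49:37.010269 IP 128.9.55.102.9080 > 172.XX.XX.XX.53464: Flags [P.], seq 1449:2381, ack 183, win 54, length 932
11:49:37.010488 IP 128.9.55.102.9080 > 172.XX.XX.XX.53464: Flags [FP.], seq 2381:2386, ack 183, win 54, length 5
"""

# src > dst: Flags [..], then an optional "seq N" or "seq N:M" field
LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([A-Z.]+)\], (?:seq (\d+)(?::(\d+))?)?")


def find_gaps(capture):
    """Return {(src, dst): [(first_missing, next_seen), ...]} per direction."""
    expected = {}  # next relative sequence number expected, per direction
    gaps = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or m.group(4) is None:
            continue  # not a TCP header line, or a pure ACK with no seq field
        flow = (m.group(1), m.group(2))
        flags, start = m.group(3), int(m.group(4))
        if "S" in flags:
            # The SYN carries the absolute ISN; tcpdump prints relative
            # numbers afterwards, so the first data byte is 1.
            expected[flow] = 1
            continue
        if flow not in expected:
            continue  # handshake not captured, no baseline for this direction
        end = int(m.group(5)) if m.group(5) else start
        if start > expected[flow]:
            gaps.setdefault(flow, []).append((expected[flow], start))
        # A FIN consumes one extra sequence number.
        expected[flow] = max(expected[flow], end + ("F" in flags))
    return gaps


if __name__ == "__main__":
    for (src, dst), missing in find_gaps(CAPTURE).items():
        for first, nxt in missing:
            print(f"{src} > {dst}: seq {first}:{nxt} not captured ({nxt - first} bytes)")
```

On the sample it reports that bytes 1 to 1448 of the server's reply are absent from the capture, while the later 932-byte and 5-byte segments are present.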