[Openswan Users] Tunnel up, some hosts work, others don't.

Richard Whittaker richard at avits.ca
Wed Feb 25 13:19:09 EST 2015


On 2015-02-25 09:57, SilverTip257 wrote:

Here are some captures from one of my "near" hosts to one of the 
non-working "far" hosts...

ping -c 5 db2.avits.ca  -- This is an Ubuntu 12.04.5 host on the remote 
network.
10:12:29.880728 IP prometheus.avits.ca > 192.168.64.9: ICMP echo 
request, id 37133, seq 1, length 64
10:12:29.897714 IP 192.168.64.9 > prometheus.avits.ca: ICMP echo reply, 
id 37133, seq 1, length 64
10:12:30.882230 IP prometheus.avits.ca > 192.168.64.9: ICMP echo 
request, id 37133, seq 2, length 64
10:12:30.899679 IP 192.168.64.9 > prometheus.avits.ca: ICMP echo reply, 
id 37133, seq 2, length 64
10:12:31.883272 IP prometheus.avits.ca > 192.168.64.9: ICMP echo 
request, id 37133, seq 3, length 64
10:12:31.897788 IP 192.168.64.9 > prometheus.avits.ca: ICMP echo reply, 
id 37133, seq 3, length 64
10:12:32.884388 IP prometheus.avits.ca > 192.168.64.9: ICMP echo 
request, id 37133, seq 4, length 64
10:12:32.899646 IP 192.168.64.9 > prometheus.avits.ca: ICMP echo reply, 
id 37133, seq 4, length 64
10:12:33.886249 IP prometheus.avits.ca > 192.168.64.9: ICMP echo 
request, id 37133, seq 5, length 64
10:12:33.906576 IP 192.168.64.9 > prometheus.avits.ca: ICMP echo reply, 
id 37133, seq 5, length 64

ssh db2.avits.ca
10:12:43.573521 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags 
[S], seq 3166911300, win 14600, options [mss 1460,sackOK,TS val 
399884318 ecr 0,nop,wscale 7], length 0
10:12:43.589998 IP 192.168.64.9.ssh > prometheus.avits.ca.59117: Flags 
[S.], seq 3660682812, ack 3166911301, win 12480, options [mss 
470,sackOK,TS val 622805678 ecr 399884318,nop,wscale 3], length 0
10:12:43.590117 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags 
[.], ack 1, win 115, options [nop,nop,TS val 399884322 ecr 622805678], 
length 0
10:12:43.623359 IP 192.168.64.9.ssh > prometheus.avits.ca.59117: Flags 
[P.], seq 1:42, ack 1, win 1560, options [nop,nop,TS val 622805686 ecr 
399884322], length 41
10:12:43.623482 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags 
[.], ack 42, win 115, options [nop,nop,TS val 399884330 ecr 622805686], 
length 0
10:12:43.623560 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags 
[P.], seq 1:21, ack 42, win 115, options [nop,nop,TS val 399884330 ecr 
622805686], length 20
10:12:43.623766 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags 
[.], seq 21:479, ack 42, win 115, options [nop,nop,TS val 399884330 ecr 
622805686], length 458
10:12:43.640014 IP 192.168.64.9.ssh > prometheus.avits.ca.59117: Flags 
[.], ack 21, win 1560, options [nop,nop,TS val 622805691 ecr 399884330], 
length 0
10:12:43.640146 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags 
[P.], seq 479:773, ack 42, win 115, options [nop,nop,TS val 399884334 
ecr 622805691], length 294
10:12:43.643967 IP 192.168.64.9.ssh > prometheus.avits.ca.59117: Flags 
[.], ack 479, win 1685, options [nop,nop,TS val 622805691 ecr 
399884330], length 0
10:12:43.694071 IP 192.168.64.9.ssh > prometheus.avits.ca.59117: Flags 
[.], ack 773, win 1810, options [nop,nop,TS val 622805705 ecr 
399884334], length 0
10:12:48.222897 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags 
[F.], seq 773, ack 42, win 115, options [nop,nop,TS val 399885480 ecr 
622805691], length 0
10:12:48.241889 IP 192.168.64.9.ssh > prometheus.avits.ca.59117: Flags 
[F.], seq 1026, ack 774, win 1810, options [nop,nop,TS val 622806841 ecr 
399885480], length 0
10:12:48.242014 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags 
[R], seq 3166912074, win 0, length 0

...and an SSH session to a working CentOS 5.10 host, also on the remote 
network.
10:16:51.764945 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[S], seq 1378469798, win 14600, options [mss 1460,sackOK,TS val 
399946366 ecr 0,nop,wscale 7], length 0
10:16:51.783532 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[S.], seq 3384734015, ack 1378469799, win 5792, options [mss 
470,sackOK,TS val 3085502586 ecr 399946366,nop,wscale 7], length 0
10:16:51.783653 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[.], ack 1, win 115, options [nop,nop,TS val 399946370 ecr 3085502586], 
length 0
10:16:51.823886 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[P.], seq 1:21, ack 1, win 46, options [nop,nop,TS val 3085502626 ecr 
399946370], length 20
10:16:51.824007 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[.], ack 21, win 115, options [nop,nop,TS val 399946380 ecr 3085502626], 
length 0
10:16:51.824069 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[P.], seq 1:21, ack 21, win 115, options [nop,nop,TS val 399946380 ecr 
3085502626], length 20
10:16:51.824261 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[.], seq 21:479, ack 21, win 115, options [nop,nop,TS val 399946380 ecr 
3085502626], length 458
10:16:51.841771 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[.], ack 21, win 46, options [nop,nop,TS val 3085502644 ecr 399946380], 
length 0
10:16:51.841909 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[P.], seq 479:773, ack 21, win 115, options [nop,nop,TS val 399946385 
ecr 3085502644], length 294
10:16:51.846488 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[P.], seq 545:725, ack 21, win 46, options [nop,nop,TS val 3085502647 
ecr 399946380], length 180
10:16:51.846611 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[.], ack 21, win 115, options [nop,nop,TS val 399946386 ecr 
3085502644,nop,nop,sack 1 {545:725}], length 0
10:16:51.846943 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[.], seq 21:521, ack 21, win 46, options [nop,nop,TS val 3085502647 ecr 
399946380], length 500
10:16:51.846960 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[.], seq 521:545, ack 21, win 46, options [nop,nop,TS val 3085502647 ecr 
399946380], length 24
10:16:51.847102 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[.], ack 521, win 122, options [nop,nop,TS val 399946386 ecr 
3085502647,nop,nop,sack 1 {545:725}], length 0
10:16:51.847135 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[.], ack 725, win 122, options [nop,nop,TS val 399946386 ecr 
3085502647], length 0
10:16:51.857556 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[.], ack 773, win 62, options [nop,nop,TS val 3085502660 ecr 399946380], 
length 0
10:16:51.859547 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[P.], seq 773:797, ack 725, win 122, options [nop,nop,TS val 399946389 
ecr 3085502660], length 24
10:16:51.880046 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[P.], seq 725:877, ack 797, win 62, options [nop,nop,TS val 3085502682 
ecr 399946389], length 152
10:16:51.883273 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[P.], seq 797:941, ack 877, win 130, options [nop,nop,TS val 399946395 
ecr 3085502682], length 144
10:16:51.918463 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[.], seq 877:1377, ack 941, win 70, options [nop,nop,TS val 3085502720 
ecr 399946395], length 500
10:16:51.918484 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[P.], seq 1377:1597, ack 941, win 70, options [nop,nop,TS val 3085502720 
ecr 399946395], length 220
10:16:51.918645 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[.], ack 1597, win 146, options [nop,nop,TS val 399946404 ecr 
3085502720], length 0
10:16:54.595777 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[P.], seq 941:957, ack 1597, win 146, options [nop,nop,TS val 399947073 
ecr 3085502720], length 16
10:16:54.650861 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[.], ack 957, win 70, options [nop,nop,TS val 3085505454 ecr 399947073], 
length 0
10:16:54.650982 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[P.], seq 957:1005, ack 1597, win 146, options [nop,nop,TS val 399947087 
ecr 3085505454], length 48
10:16:54.670203 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[.], ack 1005, win 70, options [nop,nop,TS val 3085505472 ecr 
399947087], length 0
10:16:54.670217 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[P.], seq 1597:1645, ack 1005, win 70, options [nop,nop,TS val 
3085505473 ecr 399947087], length 48
10:16:54.670391 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[P.], seq 1005:1069, ack 1645, win 146, options [nop,nop,TS val 
399947092 ecr 3085505473], length 64
10:16:54.688202 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[P.], seq 1645:1725, ack 1069, win 70, options [nop,nop,TS val 
3085505491 ecr 399947092], length 80
10:16:54.724819 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[.], ack 1725, win 146, options [nop,nop,TS val 399947106 ecr 
3085505491], length 0
10:16:56.435411 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[F.], seq 1069, ack 1725, win 146, options [nop,nop,TS val 399947533 ecr 
3085505491], length 0
10:16:56.461402 IP 192.168.64.4.ssh > prometheus.avits.ca.60271: Flags 
[F.], seq 1725, ack 1070, win 70, options [nop,nop,TS val 3085507265 ecr 
399947533], length 0
10:16:56.461522 IP prometheus.avits.ca.60271 > 192.168.64.4.ssh: Flags 
[.], ack 1726, win 146, options [nop,nop,TS val 399947540 ecr 
3085507265], length 0

If I need to provide a more detailed session, please let me know.

Appreciate any insights.

Thanks,
Richard.

-- 
Alberni Valley IT Services
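
A check that can be run over captures like the two in this message, as an added example that is not part of the original post: for each sender it compares the data seen in the capture with the sequence number carried by that sender's FIN. The `FAILING` sample is abridged from the db2 capture above, and the function name is an assumption of this example.

```python
import re
from collections import defaultdict

# Abridged from the failing db2 capture in the post: wrapped lines re-joined,
# TCP options and pure ACKs dropped. Sequence numbers are tcpdump's relative ones.
FAILING = """\
10:12:43.623359 IP 192.168.64.9.ssh > prometheus.avits.ca.59117: Flags [P.], seq 1:42, ack 1, win 1560, length 41
10:12:43.623560 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags [P.], seq 1:21, ack 42, win 115, length 20
10:12:43.623766 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags [.], seq 21:479, ack 42, win 115, length 458
10:12:43.640146 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags [P.], seq 479:773, ack 42, win 115, length 294
10:12:48.222897 IP prometheus.avits.ca.59117 > 192.168.64.9.ssh: Flags [F.], seq 773, ack 42, win 115, length 0
10:12:48.241889 IP 192.168.64.9.ssh > prometheus.avits.ca.59117: Flags [F.], seq 1026, ack 774, win 1810, length 0
"""

LINE = re.compile(r"IP (\S+) > \S+: Flags \[([^\]]*)\], seq (\d+)(?::(\d+))?")

def unseen_before_fin(capture):
    """Per sender: bytes between the contiguous data seen and that sender's FIN."""
    ranges, fin = defaultdict(list), {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or "S" in m.group(2) or "R" in m.group(2):
            continue  # SYN/RST lines carry absolute sequence numbers
        src, flags, start, end = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if end:
            ranges[src].append((start, int(end)))
        if "F" in flags:
            # A FIN sits at the end of any data it carries, else at its own seq
            fin[src] = int(end) if end else start
    result = {}
    for src, fin_seq in fin.items():
        seen = 1  # relative sequence space starts at 1 after the handshake
        for a, b in sorted(ranges[src]):
            if a > seen:
                break  # hole: a later segment was seen but an earlier one was not
            seen = max(seen, b)
        result[src] = fin_seq - seen
    return result

if __name__ == "__main__":
    for sender, gap in unseen_before_fin(FAILING).items():
        print(f"{sender}: {gap} bytes sent before FIN never appeared in the capture")
```

A non-zero value for a sender means its FIN claims more bytes than the capture point ever saw from it; segments arriving out of order, as in the CentOS capture, are merged before the comparison.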
