[Openswan Users] Tunnel up, some hosts work, others don't.

Richard Whittaker richard at avits.ca
Thu Feb 26 18:03:33 EST 2015


On 2015-02-26 10:41, Simon Deziel wrote:
> On 02/26/2015 01:38 PM, Richard Whittaker wrote:
>> On 2015-02-26 09:31, Simon Deziel wrote:
>>> On 02/26/2015 12:22 PM, Richard Whittaker wrote:
>>>> I can also reproduce this with MySQL. I can establish an initial
>>>> connection and login to db2 from either 0.2 or 0.9, but as soon as I try
>>>> "connect mysql" from the client command line, everything just freezes in
>>>> the client.
>>>

Here's another SSH session seen from both ends of the connection. The 
timeframe is identical, and I eventually Contol-Ced the connection.

The session seen from db2 (192.168.64.9)
root at db2:~# tcpdump -i eth0 -nn host 192.168.0.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:00:21.027467 IP 192.168.0.2.36698 > 192.168.64.9.22: Flags [S], seq 
3882435085, win 14600, options [mss 1200,sackOK,TS val 425798676 ecr 
0,nop,wscale 7], length 0
15:00:21.027529 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [S.], seq 
1449523050, ack 3882435086, win 12480, options [mss 1260,sackOK,TS val 
648721399 ecr 425798676,nop,wscale 3], length 0
15:00:21.042506 IP 192.168.0.2.36698 > 192.168.64.9.22: Flags [.], ack 
1, win 115, options [nop,nop,TS val 425798680 ecr 648721399], length 0
15:00:21.056680 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [P.], seq 
1:42, ack 1, win 1560, options [nop,nop,TS val 648721406 ecr 425798680], 
length 41
15:00:21.077272 IP 192.168.0.2.36698 > 192.168.64.9.22: Flags [.], ack 
42, win 115, options [nop,nop,TS val 425798688 ecr 648721406], length 0
15:00:21.077315 IP 192.168.0.2.36698 > 192.168.64.9.22: Flags [P.], seq 
1:21, ack 42, win 115, options [nop,nop,TS val 425798688 ecr 648721406], 
length 20
15:00:21.077862 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], ack 
21, win 1560, options [nop,nop,TS val 648721411 ecr 425798688], length 0
15:00:21.080722 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], seq 
42:542, ack 21, win 1560, options [nop,nop,TS val 648721412 ecr 
425798688], length 500
15:00:21.081453 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [P.], seq 
542:1026, ack 21, win 1560, options [nop,nop,TS val 648721412 ecr 
425798688], length 484
15:00:21.096487 IP 192.168.0.2.36698 > 192.168.64.9.22: Flags [P.], seq 
21:773, ack 42, win 115, options [nop,nop,TS val 425798693 ecr 
648721411], length 752
15:00:21.134915 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], ack 
773, win 1748, options [nop,nop,TS val 648721426 ecr 425798693], length 0
15:00:21.290857 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], seq 
42:542, ack 773, win 1748, options [nop,nop,TS val 648721465 ecr 
425798693], length 500
15:00:21.714844 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], seq 
42:542, ack 773, win 1748, options [nop,nop,TS val 648721571 ecr 
425798693], length 500
15:00:22.562862 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], seq 
42:542, ack 773, win 1748, options [nop,nop,TS val 648721783 ecr 
425798693], length 500
15:00:24.262843 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], seq 
42:542, ack 773, win 1748, options [nop,nop,TS val 648722208 ecr 
425798693], length 500
15:00:27.662861 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], seq 
42:542, ack 773, win 1748, options [nop,nop,TS val 648723058 ecr 
425798693], length 500
15:00:34.470859 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], seq 
42:542, ack 773, win 1748, options [nop,nop,TS val 648724760 ecr 
425798693], length 500
15:00:48.070885 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], seq 
42:542, ack 773, win 1748, options [nop,nop,TS val 648728160 ecr 
425798693], length 500
15:01:15.270876 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [.], seq 
42:542, ack 773, win 1748, options [nop,nop,TS val 648734960 ecr 
425798693], length 500
15:01:33.623333 IP 192.168.0.2.36698 > 192.168.64.9.22: Flags [F.], seq 
773, ack 42, win 115, options [nop,nop,TS val 425816823 ecr 648721411], 
length 0
15:01:33.624976 IP 192.168.64.9.22 > 192.168.0.2.36698: Flags [F.], seq 
1026, ack 774, win 1748, options [nop,nop,TS val 648739548 ecr 
425816823], length 0
15:01:33.645061 IP 192.168.0.2.36698 > 192.168.64.9.22: Flags [R], seq 
3882435859, win 0, length 0
^C
22 packets captured
25 packets received by filter
0 packets dropped by kernel
root at db2:~#

---
The session seen from Prometheus (192.168.0.2).

root at prometheus:~# tcpdump -i eth3.80 -nn host 192.168.64.9
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth3.80, link-type EN10MB (Ethernet), capture size 96 bytes
15:00:21.008800 IP 192.168.0.2.36698 > 192.168.64.9.22: S 
3882435085:3882435085(0) win 14600 <mss 1460,sackOK,timestamp 425798676 
0,nop,wscale 7>
15:00:21.025204 IP 192.168.64.9.22 > 192.168.0.2.36698: S 
1449523050:1449523050(0) ack 3882435086 win 12480 <mss 
1200,sackOK,timestamp 648721399 425798676,nop,wscale 3>
15:00:21.025240 IP 192.168.0.2.36698 > 192.168.64.9.22: . ack 1 win 115 
<nop,nop,timestamp 425798680 648721399>
15:00:21.057255 IP 192.168.64.9.22 > 192.168.0.2.36698: P 1:42(41) ack 1 
win 1560 <nop,nop,timestamp 648721406 425798680>
15:00:21.057283 IP 192.168.0.2.36698 > 192.168.64.9.22: . ack 42 win 115 
<nop,nop,timestamp 425798688 648721406>
15:00:21.057468 IP 192.168.0.2.36698 > 192.168.64.9.22: P 1:21(20) ack 
42 win 115 <nop,nop,timestamp 425798688 648721406>
15:00:21.076909 IP 192.168.64.9.22 > 192.168.0.2.36698: . ack 21 win 
1560 <nop,nop,timestamp 648721411 425798688>
15:00:21.076951 IP 192.168.0.2.36698 > 192.168.64.9.22: P 21:773(752) 
ack 42 win 115 <nop,nop,timestamp 425798693 648721411>
15:00:21.131484 IP 192.168.64.9.22 > 192.168.0.2.36698: . ack 773 win 
1748 <nop,nop,timestamp 648721426 425798693>
15:01:33.596118 IP 192.168.0.2.36698 > 192.168.64.9.22: F 773:773(0) ack 
42 win 115 <nop,nop,timestamp 425816823 648721411>
15:01:33.619621 IP 192.168.64.9.22 > 192.168.0.2.36698: F 1026:1026(0) 
ack 774 win 1748 <nop,nop,timestamp 648739548 425816823>
15:01:33.619657 IP 192.168.0.2.36698 > 192.168.64.9.22: R 
3882435859:3882435859(0) win 0
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel
root at prometheus:~#

---
Does this shed any more helpful light on things?

Thanks,
Richard.


-- 
Alberni Valley IT Services

-------------- next part --------------
A non-text attachment was scrubbed...
Name: richard.vcf
Type: text/x-vcard
Size: 277 bytes
Desc: not available
URL: <http://lists.openswan.org/pipermail/users/attachments/20150226/d686927b/attachment.vcf>


More information about the Users mailing list