Hi
I currently have a working implementation of one subnet behind a Linux
FreeSWAN 1.95 gateway to another subnet behind another Linux FreeSWAN 1.95
gateway.
I am running Red Hat 7.1 with kernel 2.4.9-31.
I have tried to add a w2k roadwarrior using w2k ipsec implementation with
PSK. I believe that both the w2k and freeSWAN gateway have successfully
negotiated the main mode and quick mode security (indicated by the w2k
ipsecmon tool). However when I try and ping from the w2k box, the response
is 'Request timed out'. The ipsecmon w2k tool shows it is sending packets,
but does not receive packets. I have defined a filter and tunnel for both
directions on the w2k box. Using tcpdump on the freeSWAN box I can see the
icmp echo request entering on ipsec0 from the w2k box, and I can see the icmp
echo reply from my local subnet leave, BUT all reply packets are DROPPED by
the ipsec0 interface.

Tcpdump output from ipsec0:

    15:44:33.293564 < 203.xx.xxx.211 > 192.168.66.42: icmp: echo request
    15:44:33.294307 > 192.168.66.42 > 203.xx.xxx.211: icmp: echo reply [tos 0x2,ECT]
    15:44:34.301197 > 203.xx.xx.100 > 203.xx.xxx.211: ip-proto-50 92 [tos 0x4]

ifconfig ipsec0:

    ipsec0    Link encap:Ethernet  HWaddr 00:Ax:Cx:5x:7x:8x
              inet addr:203.xx.xx.100  Mask:255.255.255.248
              UP RUNNING NOARP  MTU:300  Metric:1
              RX packets:97477 errors:0 dropped:31 overruns:0 frame:0
              TX packets:58036 errors:0 dropped:1329 overruns:0 carrier:0
              collisions:0 txqueuelen:10

The MTU is low at the moment as I have been playing with this in an attempt
to fix the problem (to no avail..). The RX dropped packets appear to be
caused by a tunnel that has not been used for a while and fails to
renegotiate when reused.
Can anyone suggest what I need to do to stop the ipsec0 interface from
dropping all the TX packets?
Regards
Rod Blennerhassett
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST