IPSec tcp session stalling
Matthew Grooms
mgrooms at shrew.net
Sat Oct 22 15:12:09 PDT 2005
Mike & Volker,
>Try sending different sized pings or other packet size control utils to
>really make sure its not MTU related.
>Maybe there is an upstream router thats blocking ICMP fragment packets,
>have you ever seen them? try forcing the creation of some.
>
>Mike
I am experiencing the same issue as Volker and tried sending
different sized ICMP packets which seems to work fine. I followed up
with a telnet connection which quickly stalled.
root at hole# tcpdump -i xl1 src or dst 10.20.10.141
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on xl1, link-type EN10MB (Ethernet), capture size 96 bytes
16:46:01.676879 IP 10.22.200.21 > 10.20.10.141: ICMP echo request, id
512, seq 15872, length 508
16:46:01.722918 IP 10.20.10.141 > 10.22.200.21: ICMP echo reply, id 512,
seq 15872, length 508
16:46:02.691200 IP 10.22.200.21 > 10.20.10.141: ICMP echo request, id
512, seq 16128, length 508
16:46:02.739848 IP 10.20.10.141 > 10.22.200.21: ICMP echo reply, id 512,
seq 16128, length 508
16:46:07.015667 IP 10.22.200.21 > 10.20.10.141: ICMP echo request, id
512, seq 16384, length 1008
16:46:07.067792 IP 10.20.10.141 > 10.22.200.21: ICMP echo reply, id 512,
seq 16384, length 1008
16:46:08.019359 IP 10.22.200.21 > 10.20.10.141: ICMP echo request, id
512, seq 16640, length 1008
16:46:08.093539 IP 10.20.10.141 > 10.22.200.21: ICMP echo reply, id 512,
seq 16640, length 1008
16:46:12.119300 IP 10.22.200.21 > 10.20.10.141: ICMP echo request, id
512, seq 16896, length 1480
16:46:12.119308 IP 10.22.200.21 > 10.20.10.141: icmp
16:46:12.197403 IP 10.20.10.141 > 10.22.200.21: ICMP echo reply, id 512,
seq 16896, length 1480
16:46:12.197414 IP 10.20.10.141 > 10.22.200.21: icmp
16:46:13.128799 IP 10.22.200.21 > 10.20.10.141: ICMP echo request, id
512, seq 17152, length 1480
16:46:13.128805 IP 10.22.200.21 > 10.20.10.141: icmp
16:46:13.201023 IP 10.20.10.141 > 10.22.200.21: ICMP echo reply, id 512,
seq 17152, length 1480
16:46:13.201033 IP 10.20.10.141 > 10.22.200.21: icmp
16:46:26.872047 IP 10.22.200.21.rna-lm > 10.20.10.141.telnet: S
579182992:579182992(0) win 16384 <mss 1460,nop,nop,sackOK>
16:46:26.941687 IP 10.20.10.141.telnet > 10.22.200.21.rna-lm: S
2118087729:2118087729(0) ack 579182993 win 5840 <mss 1460,nop,nop,sackOK>
16:46:26.941800 IP 10.22.200.21.rna-lm > 10.20.10.141.telnet: . ack 1
win 17520
16:46:30.537896 IP 10.20.10.141.telnet > 10.22.200.21.rna-lm: S
2118087729:2118087729(0) ack 579182993 win 5840 <mss 1460,nop,nop,sackOK>
16:46:30.538000 IP 10.22.200.21.rna-lm > 10.20.10.141.telnet: . ack 1
win 17520
16:46:30.577673 IP 10.20.10.141.54127 > 10.22.200.21.auth: S
2118367383:2118367383(0) win 5840 <mss 1460,sackOK,timestamp 3241333360
0,nop,wscale 0>
16:46:30.577770 IP 10.22.200.21.auth > 10.20.10.141.54127: R 0:0(0) ack
2118367384 win 0
16:46:30.620047 IP 10.20.10.141.telnet > 10.22.200.21.rna-lm: P 1:13(12)
ack 1 win 5840
16:46:30.620242 IP 10.22.200.21.rna-lm > 10.20.10.141.telnet: P 1:7(6)
ack 13 win 17508
16:46:33.620543 IP 10.20.10.141.telnet > 10.22.200.21.rna-lm: P 1:13(12)
ack 1 win 5840
16:46:33.620651 IP 10.22.200.21.rna-lm > 10.20.10.141.telnet: . ack 13
win 17508
16:46:33.964246 IP 10.22.200.21.rna-lm > 10.20.10.141.telnet: P 1:16(15)
ack 13 win 17508
16:46:40.503254 IP 10.22.200.21.rna-lm > 10.20.10.141.telnet: P 1:16(15)
ack 13 win 17508
16:46:40.538799 IP 10.20.10.141.telnet > 10.22.200.21.rna-lm: . ack 16
win 5840
16:46:40.538887 IP 10.20.10.141.telnet > 10.22.200.21.rna-lm: P 13:22(9)
ack 16 win 5840
16:46:40.539062 IP 10.22.200.21.rna-lm > 10.20.10.141.telnet: P
16:28(12) ack 22 win 17499
16:46:46.528977 IP 10.20.10.141.telnet > 10.22.200.21.rna-lm: P 13:22(9)
ack 16 win 5840
16:46:46.529081 IP 10.22.200.21.rna-lm > 10.20.10.141.telnet: . ack 22
win 17499
16:46:53.628188 IP 10.22.200.21.rna-lm > 10.20.10.141.telnet: P
16:38(22) ack 22 win 17499
16:47:05.221888 IP 10.22.200.21.vpvc > 10.20.10.141.telnet: P
1633240875:1633240887(12) ack 1931964537 win 17487
16:47:05.266687 IP 10.20.10.141.telnet > 10.22.200.21.vpvc: P 1:66(65)
ack 12 win 5840
16:47:05.267008 IP 10.22.200.21.vpvc > 10.20.10.141.telnet: P 12:15(3)
ack 66 win 17422
16:47:05.300951 IP 10.20.10.141.telnet > 10.22.200.21.vpvc: P 66:112(46)
ack 15 win 5840
16:47:05.301179 IP 10.22.200.21.vpvc > 10.20.10.141.telnet: P 15:18(3)
ack 112 win 17376
16:47:05.379114 IP 10.20.10.141.telnet > 10.22.200.21.vpvc: . ack 18 win
5840
-Matthew
More information about the freebsd-net
mailing list