Andre Oppermann wrote: > Matthew Sullivan wrote: > >> Andre Oppermann wrote: >> >>> Matthew Sullivan wrote: >>> >>>> Give me the switches you want on tcpdump and I'll be happy to >>>> provide the packets ;-) >>> >>> >>> This should do the trick: >>> >>> tcpdump -n -p -i fxp0 -s 128 -w dump >>> >> Ok this is what you have: >> >> root_at_scorpion:~# tcpdump -n -p -i fxp0 -s 128 -w pktdump not port 24 >> >> and it's at: http://scorpion.sorbs.net/ICMP/pktdump > > > Ok, this is the problem: > > MTU of next hop: 0 > > Have you installed my patch on the gateway machine too, or only on your > host? Patch is on both servers (the VPN server and the host the dump is from). > > MTU of next hop should not be zero under normal circumstances. It > indicates > a bug somewhere in the normal IP forwarding path. > > Is this the correct packet flow: > > ... --> dc0 --> gif0 --> IPSec --> fxp0 --> Internet --> ... > That is correct for the VPN server. ifconfig for the VPN server as follows: fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet 203.101.254.252 netmask 0xffffff00 broadcast 203.101.254.255 inet6 fe80::290:27ff:fec2:4977%fxp0 prefixlen 64 scopeid 0x1 ether 00:90:27:c2:49:77 media: Ethernet autoselect (100baseTX <full-duplex>) status: active dc0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet 203.15.51.61 netmask 0xffffffe0 broadcast 203.15.51.63 inet6 fe80::2a0:cff:fec0:cc23%dc0 prefixlen 64 scopeid 0x2 ether 00:a0:0c:c0:cc:23 media: Ethernet autoselect (100baseTX <full-duplex>) status: active plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280 tunnel inet 203.101.254.252 --> 138.130.223.244 tunnel inet6 203.101.254.252 --> 138.130.223.244 inet 203.15.51.61 --> 192.168.1.2 netmask 0xffffff00 inet6 fe80::290:27ff:fec2:4977%gif0 prefixlen 64 scopeid 0x5 FreeBSD stealth.sorbs.net 6.0-CURRENT FreeBSD 6.0-CURRENT #1: Fri Apr 29 17:50:25 EST 2005 root_at_stealth.sorbs.net:/usr/obj/usr/src/sys/STEALTH i386 Regards, -- Matthew Sullivan Specialist Systems Programmer Information Technology Services The University of QueenslandReceived on Mon May 02 2005 - 14:26:45 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:33 UTC