Hosting Provided By

Re: [Users] Dropped ESP Packets

From: Sam Sgro <sam(at)freeswan.org>
Date: Fri Oct 03 2003 - 15:14:03 EDT

-----BEGIN PGP SIGNED MESSAGE----- On Thursday 02 October 2003 13:01, Troy Caldwell wrote:
> The setup of the client is that they have an internal private address

Can you correlate the stalled connection with something concrete? Throttle the MTU on both sides at something reasonable but safe via overridemtu (say, 1000). Then, capture a tcpdump from both sides during an scp attempt; make certain you use the "-s 0" option to ensure you catch even the little fragments. Do you see a situation where, every time the scp stalls, there is some critical event? (ie, loss of an ESP packet)

You can also go a step further, and correlate this with decrypted packets appearing on ipsec0.

Sounds like you're doing the right things, though.

-- Sam Sgro sam@freeswan.org

-----BEGIN PGP SIGNATURE-----

Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.

iQCVAwUBP33KfkOSC4btEQUtAQETpAQAhQuY6DwAd2cvVkUKqawCB4qYXihmby9B mNm7uCfDMBA4/AJzx9lYwrNoNaNEwWuAQg4MVC4E3/31f/foum3F1A/Ibogd2CSa RW4PIrUnQdLY51bafIOO9TisOxYJQpNWVkwdjctKnvGfga7NONQE/2x0UGW9QsUq oLzlKr1x2NU=
=gjzM
-----END PGP SIGNATURE-----

FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr Received on Fri Oct 3 15:56:52 2003

This message: [ Message body ]
Next message: Sergio A Lima Jr: "[Users] duplicate keys (3DES)"
Previous message: Sam Sgro: "Re: [Users] routing"
In reply to Troy Caldwell: "[Users] Dropped ESP Packets"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:40 EDT

Do you need help?