List:       strongswan-users
Subject:    [strongSwan] 2.6.9 strange behavior
From:       thomas.otto () exedio ! com (Thomas Otto)
Date:       2004-12-09 11:06:54
Message-ID: 41B823B8.9040106 () exedio ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Omar!

I had similar problems. Lowering the MTU of the ethernet interface solved this for me.
But I have a DSL router on the strongswan 2.6.9 side, so maybe it's a route issue.

best regards
Thomas Otto

Omar Armas wrote:
| I made different tests with a VPN server with Strongswan 2.2.2 and I found
| that when using native ipsec stack of kernel 2.6.9, I had some strange
| problems.
|
| Example 1:
|
| lan-to-lan connection, Monowall to Strongswan + 2.6.9:
|
| [LAN]
| |
| [Strongswan 2.2.2
| Kernel 2.6.9]  VPN Server
| |
| |
| [Monowall] VPN GW
| |
| |
| [LAN]
|
| With this configuration, I establish connection successfully, from VPN
| GW(Monowall) to a host behind VPN Server, I can ping it and transfer files
| with SAMBA. But if I establish an IMAP or SSH session, it starts well, but
| freezes after a few seconds.
|
|
| Example 2:
|
| lan-to-lan connection, Linksys to Strongswan + 2.6.9:
|
| [LAN]
| |
| [Strongswan 2.2.2
| Kernel 2.6.9]  VPN Server
| |
| |
| [Linksys] VPN GW
| |
| |
| [LAN]
|
| The same as example 1,  I can ping but any more elaborated transaction dies.
|
|
| Example 3:
|
| lan-to-lan connection, SonicWall to Strongswan + 2.6.9:
|
| [Host Swan]
| |
| [LAN]
| |
| [Strongswan 2.2.2
| Kernel 2.6.9]  VPN Server
| |
| |
| [SonicWall] VPN GW
| |
| |
| [LAN]
| |
| [Host Swall]
|
| The same as example 1 and 2, but something weird happens.
| All traffic initiated from host "Swall" to "fetch" something from "Host Swan"
| works well.
| Example: VNC session, http, FTP.
|
| But all traffic initiated from host "Swan" to "fetch" something from host
| "Swall" dies.
|
|
| All 3 cases had in common the same VPN Server with Strongswan and kernel
| 2.6.9. In all cases the communications seem to initiate well only in one
| direction, although for example VNC session works well.
|
| I changed to kernel 2.4.28 with IPSEC patches and voila, it all worked well.
| It solved all problems.
| I don't know if I missed something when compiling kernel 2.6.9, but in my
| opinion if the tunnel is established, it should be well configured.
|
| Has anyone used kernel 2.6.9+ Strongswan without these problems?
| I have no problems with using 2.4.X, but I'd like to switch to 2.6.X in the
| future.
|
|
| Omar

- --
Thomas Otto
Dipl. Wirtsch.-Inf.
IT-Administrator

exedio GmbH
Förstereistr. 19
01099 Dresden
Germany

Telephon +49 (351) 4108-110
Fax +49 (351) 4108-199
thomas.otto@exedio.com
www.exedio.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBuCO4mzTI9ms9hKoRAsAYAJ9XYu0WOgoII3mapA+axsoT2XuTLgCgv8oc
6hoaXQKDPdYskRQUmad4b/s=
=BBzL
-----END PGP SIGNATURE-----
