<div dir="ltr">Noel, Thanks. I've enabled level loglevel 2 and restarted things awaiting the pause to occur again and will reply with an update.<div><br></div><div>Regarding packet capture, I am on ubuntu 14.04. I followed the steps on <a href="https://wiki.strongswan.org/projects/strongswan/wiki/CorrectTrafficDump">https://wiki.strongswan.org/projects/strongswan/wiki/CorrectTrafficDump</a> but when I tried to do the tcpdump, I get this error:</div><div><br></div><div><div># tcpdump -s 0 -n -i nflog:5</div><div>tcpdump: NFULNL_CFG_CMD_PF_UNBIND: Operation not permitted</div></div><div><br></div><div>ifconfig doesn't show any nflog interface.</div><div><br></div><div>mahesh</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Dec 13, 2015 at 11:23 AM, Noel Kuntze <span dir="ltr"><<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
</span><span class="">>Hi Noel, Thanks for the quick reply.<br>
> What level of loglevel should I enable? Also due to the nature of the traffic (medical data),<br>
> I can post it publicly so can I send it to you?<br>
> I do have a tcpdump capture of the ~10 second window during when the problem starts. Will that help?<br>
<br>
</span>Hello Mahesh,<br>
<br>
Please keep the mailing list as recipient.<br>
The IP address and packet size can hardly be considered confidential.<br>
We are not interested in the packets' contents.<br>
You're free to remove any packet contents, we're just interested in the<br>
IP and ESP protocol headers.<br>
I wrote a small document[1] on taking traffic dumps correctly.<br>
Maybe that will be useful in the future.<br>
<br>
Please post logs with default=2.<br>
Use a pastebin or attach them to the email. There is a attachement<br>
size limit on this mailing list, so a pastebin is preferred.<br>
<br>
[1] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/CorrectTrafficDump" rel="noreferrer" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/CorrectTrafficDump</a><br>
<span class="">- --<br>
<br>
Mit freundlichen Grüßen/Kind Regards,<br>
Noel Kuntze<br>
<br>
GPG Key ID: 0x63EC6658<br>
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
<br>
</span>iQIcBAEBCAAGBQJWbZt5AAoJEDg5KY9j7GZYic8P/jBx9odqxmwswo9GjpxIRvYK<br>
EoGX0qnIGyhv1B1Mfw1o6KacqGg+W+sH+lebbs+r0/TaMWloucMN7PYNumcPsdbo<br>
BQmDBofd95q4ZmKrCTYs92xT+Ks8cugH1uTq6swB+mfuWKUcP4jy8F+kVEAsc9kS<br>
AfqQdOMiF4I4xfFbF/ssYNWB8QuPAMeGw4xLB/xcoKRCvleE12+sT9iv3vKaoF0W<br>
6uNpM+K/f5JbkrgfBLPnmBc0RYGKF5LnwSQaADYTYthYQT1WANH2HpTssLM+nq92<br>
k/+FPakQ5pI3mzBNaE5JAxv1JjcYHVuQK0ibEu/YBgWppH8iFtLX76nLPkmbgfsH<br>
pVo1WGxH1skgMKQp+cbYOlXbG4hLVfUySP859QQsNFS07XAjrmNKkecESqVx2oMe<br>
1MeMcDWy32T08evuzw/MDt2uwSymPPWJGgamIOviegV18bA4QI7bz6i84Tdu8F+F<br>
BXJVunWpliZqHQYWUSFhBMMWe6k0q1rgG19UoxXxGGQ61WWvEFV5wjZON1t1Jj7Z<br>
qZlfDdwqygUZUxMDJimHiqHNyqNyb1aP/xyqHxy60T9+lxwNQCK0xsMewfsU5R35<br>
NNb0ST98cq/P0ON1yiagjRv7yIDi0bYtsz+JvFkAK90a71nRshdlJ/HcoAztOLoY<br>
RoMSvehdYB/oMR8Z5Rov<br>
=HJDN<br>
-----END PGP SIGNATURE-----<br>
<br>
<br>
</blockquote></div><br></div>