[strongSwan] strongswan-5.1.1 with 4.xx, tunnel pb
Volker Rümelin
vr_strongswan at t-online.de
Mon Jan 6 21:58:53 CET 2014
Hello Serge,
> Hello,
>
> I made some homework and found out different elements, which may help to troubleshoot.
>
>>> This packet was a large packet and was sent as two UDP fragments.
> What looked like to be a packet fragmentation, in fact appeared to be two different CAs sent in the key exchange.
> I had 2 CAs in the "cacert" folder due to the coming expiration of one of them. So I removed the expired one and the packet duplication was solved.
>
sorry, but I doubt this solved your fragmentation problem. To be sure I
suggest you once again initiate a ikev2 connection and capture the
packets with tcpdump on both sides at the same time. Something like
root at bt:~ # tcpdump -i eth0 -n -v -s 0 'host 192.168.4.10'
root at karma:~ # tcpdump -i eth0 -n -v -s 0 'host 192.168.4.87'
And I would also like to see
# tail -f /var/log/messages | grep 'charon:'
from both sides.
Btw. did you read the strongswan documentation about ikev1
fragmentation? Especially the part since which strongswan version it is
available? Ikev1 doesn't help here.
Regards,
Volker
More information about the Users
mailing list