DragonFly bugs List (threaded) for 2006-04
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]
Re: IPSEC/FAST_IPSEC panic.
Matthew Dillon wrote:
Could you explain the TCP timeout issue more? Does TCP work initially
and then fail at some point after the connection has been working for
a whlie ? I need to be able to duplicate the problem to track it down.
It might also help to use tcpdump to observe the packet traffic at the
point where the connection starts to fail and times out.
tcpdump -s 4096 -vvv -i em0 -n -l port <port_you_are_testing_tcp_on>
-Matt
I was able to setup another DragonFly box and configure IPSEC between
two DragonFly machines. FTP, DNS and PING (8000 bytes) worked between
the PCs but ssh did not (Same timeout errors). I have enabled
IPSEC_DEBUG but there is no diagnostic output. All PCs are built without
IPv6 support. (I'll test again with it enabled.)
Server:
192.168.20.4
DragonFly fire.local 1.5.3-DEVELOPMENT DragonFly 1.5.3-DEVELOPMENT #0:
Sun Apr 23 18:27:00 BST 2006
gary@xxxxxxxxxx:/usr/obj/usr/src/sys/BUILD-IPSEC i386
fire ~ # sockstat -4 -l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root vsftpd 642 3 tcp4 *:21 *:*
root sendmail 592 4 tcp4 127.0.0.1:25 *:*
root sshd 583 3 tcp4 *:22 *:*
bind named 307 20 udp4 192.168.20.4:53 *:*
bind named 307 21 tcp4 192.168.20.4:53 *:*
bind named 307 22 udp4 127.0.0.1:53 *:*
bind named 307 23 tcp4 127.0.0.1:53 *:*
bind named 307 24 udp4 *:1024 *:*
bind named 307 25 tcp4 127.0.0.1:953 *:*
Client:
192.168.20.6
FreeBSD lappy.local 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #1: Wed Apr 19
15:55:17 UTC 2006 root@xxxxxxxxxxx:/usr/obj/usr/src/sys/BUILD i386
When using FreeBSD 4.11 or 6.0 as a client UDP and ICMP connections work
but TCP connections to vsftpd and ssh time out. The ssh connections are
partially successful as the server displays the message.
Apr 25 17:48:59 fire sshd[708]: fatal: Timeout before authentication for
192.168.20.6
Thanks
Gary
17:25:56.132650 IP (tos 0x0, ttl 64, id 153, offset 0, flags [DF], length: 108) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x17): ESP(spi=0x00005fb5,seq=0x17)
17:25:59.131242 IP (tos 0x0, ttl 64, id 154, offset 0, flags [DF], length: 108) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x18): ESP(spi=0x00005fb5,seq=0x18)
17:25:59.131491 IP (tos 0x0, ttl 64, id 178, offset 0, flags [none], length: 84) fire > 192.168.20.6: AH(spi=0x00003d54,sumlen=16,seq=0x13): ESP(spi=0x00003d55,seq=0x13)
17:26:02.330203 IP (tos 0x0, ttl 64, id 155, offset 0, flags [DF], length: 108) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x19): ESP(spi=0x00005fb5,seq=0x19)
17:26:02.330422 IP (tos 0x0, ttl 64, id 179, offset 0, flags [none], length: 84) fire > 192.168.20.6: AH(spi=0x00003d54,sumlen=16,seq=0x14): ESP(spi=0x00003d55,seq=0x14)
17:26:05.529001 IP (tos 0x0, ttl 64, id 156, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x1a): ESP(spi=0x00005fb5,seq=0x1a)
17:26:05.529217 IP (tos 0x0, ttl 64, id 180, offset 0, flags [none], length: 84) fire > 192.168.20.6: AH(spi=0x00003d54,sumlen=16,seq=0x15): ESP(spi=0x00003d55,seq=0x15)
17:26:08.727881 IP (tos 0x0, ttl 64, id 157, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x1b): ESP(spi=0x00005fb5,seq=0x1b)
17:26:11.927255 IP (tos 0x0, ttl 64, id 158, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x1c): ESP(spi=0x00005fb5,seq=0x1c)
17:26:18.126097 IP (tos 0x0, ttl 64, id 159, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x1d): ESP(spi=0x00005fb5,seq=0x1d)
17:26:30.321695 IP (tos 0x0, ttl 64, id 160, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x1e): ESP(spi=0x00005fb5,seq=0x1e)
17:26:30.321926 IP (tos 0x0, ttl 64, id 181, offset 0, flags [none], length: 84) fire > 192.168.20.6: AH(spi=0x00003d54,sumlen=16,seq=0x16): ESP(spi=0x00003d55,seq=0x16)
17:26:54.513533 IP (tos 0x0, ttl 64, id 161, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x1f): ESP(spi=0x00005fb5,seq=0x1f)
17:26:54.513776 IP (tos 0x0, ttl 64, id 182, offset 0, flags [none], length: 84) fire > 192.168.20.6: AH(spi=0x00003d54,sumlen=16,seq=0x17): ESP(spi=0x00003d55,seq=0x17)
17:23:56.284365 IP (tos 0x0, ttl 64, id 122, offset 0, flags [DF], length: 108) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x8): ESP(spi=0x00005fb5,seq=0x8)
17:23:56.284599 IP (tos 0x0, ttl 64, id 160, offset 0, flags [none], length: 84) fire > 192.168.20.6: AH(spi=0x00003d54,sumlen=16,seq=0x5): ESP(spi=0x00003d55,seq=0x5)
17:23:59.283225 IP (tos 0x0, ttl 64, id 123, offset 0, flags [DF], length: 108) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0x9): ESP(spi=0x00005fb5,seq=0x9)
17:24:02.482010 IP (tos 0x0, ttl 64, id 124, offset 0, flags [DF], length: 108) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0xa): ESP(spi=0x00005fb5,seq=0xa)
17:24:05.680898 IP (tos 0x0, ttl 64, id 125, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0xb): ESP(spi=0x00005fb5,seq=0xb)
17:24:05.681163 IP (tos 0x0, ttl 64, id 163, offset 0, flags [none], length: 84) fire > 192.168.20.6: AH(spi=0x00003d54,sumlen=16,seq=0x6): ESP(spi=0x00003d55,seq=0x6)
17:24:08.879729 IP (tos 0x0, ttl 64, id 126, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0xc): ESP(spi=0x00005fb5,seq=0xc)
17:24:12.078713 IP (tos 0x0, ttl 64, id 127, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0xd): ESP(spi=0x00005fb5,seq=0xd)
17:24:12.078953 IP (tos 0x0, ttl 64, id 164, offset 0, flags [none], length: 84) fire > 192.168.20.6: AH(spi=0x00003d54,sumlen=16,seq=0x7): ESP(spi=0x00003d55,seq=0x7)
17:24:18.276958 IP (tos 0x0, ttl 64, id 128, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0xe): ESP(spi=0x00005fb5,seq=0xe)
17:24:18.277184 IP (tos 0x0, ttl 64, id 165, offset 0, flags [none], length: 84) fire > 192.168.20.6: AH(spi=0x00003d54,sumlen=16,seq=0x8): ESP(spi=0x00003d55,seq=0x8)
17:24:30.473180 IP (tos 0x0, ttl 64, id 129, offset 0, flags [DF], length: 92) 192.168.20.6 > fire: AH(spi=0x00005fb4,sumlen=16,seq=0xf): ESP(spi=0x00005fb5,seq=0xf)
17:24:30.473419 IP (tos 0x0, ttl 64, id 166, offset 0, flags [none], length: 84) fire > 192.168.20.6: AH(spi=0x00003d54,sumlen=16,seq=0x9): ESP(spi=0x00003d55,seq=0x9)
flush;
spdflush;
add 192.168.20.4 192.168.20.6 ah 15700 -A hmac-md5 "1234567890123456";
add 192.168.20.6 192.168.20.4 ah 24500 -A hmac-md5 "1234567890123456";
add 192.168.20.4 192.168.20.6 esp 15701 -E 3des-cbc "123456789012345678901234";
add 192.168.20.6 192.168.20.4 esp 24501 -E 3des-cbc "123456789012345678901234";
spdadd 192.168.20.4 192.168.20.6 any -P out ipsec
esp/transport//require
ah/transport//require;
flush;
spdflush;
add 192.168.20.4 192.168.20.6 ah 15700 -A hmac-md5 "1234567890123456";
add 192.168.20.6 192.168.20.4 ah 24500 -A hmac-md5 "1234567890123456";
add 192.168.20.4 192.168.20.6 esp 15701 -E 3des-cbc "123456789012345678901234";
add 192.168.20.6 192.168.20.4 esp 24501 -E 3des-cbc "123456789012345678901234";
spdadd 192.168.20.6 192.168.20.4 any -P out ipsec
esp/transport//require
ah/transport//require;
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]