Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Oct 2001 19:36:37 +0900
From:      Shoichi Sakane <sakane@kame.net>
To:        tariq_rashid@lineone.net
Cc:        freebsd-security@freebsd.org
Subject:   Re: MTU and KAME ipsec
Message-ID:  <20011018193637H.sakane@kame.net>
In-Reply-To: Your message of "Thu, 18 Oct 2001 10:40:08 %2B0100" <E15u9eq-0008By-00@mk-smarthost-2.mail.uk.worldonline.com>
References:  <E15u9eq-0008By-00@mk-smarthost-2.mail.uk.worldonline.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

> the following is an example from tcpdump which suggests that the kame ipsec does not take sufficient header length off? i'm transferring a 50MB binary test file from a freebsd box across a kame vpn net onto a win2k box. 
> 
> the tcpdump is similar on both vpn bsd endpoints. the vpn protected ftp server' tcpdump shows 

umm, i have checked esp tunnel mode between two hosts.
there is one router between them.  it and looks works fine.
                  
just make sure, 192.168.1.2 and 192.168.1.1 are freebsd4.4 vpn box ?
and which side is there win2k box ?
there is no router between two vpn boxes ?

> 09:31:38.573809 192.168.1.2 > 192.168.1.1: (frag 9260:84@1456) [tos 0x8] 
> 09:31:38.575036 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0x9f) (frag 9262:1456@0+) [tos 0x8] 
> 09:31:38.575133 192.168.1.2 > 192.168.1.1: (frag 9262:84@1456) [tos 0x8] 
> 09:31:38.577280 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x8f)
> 09:31:38.579618 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa0) (frag 9264:1456@0+) [tos 0x8] 
> 09:31:38.579708 192.168.1.2 > 192.168.1.1: (frag 9264:84@1456) [tos 0x8] 
> 09:31:38.580940 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa1) (frag 9266:1456@0+) [tos 0x8] 
> 09:31:38.581037 192.168.1.2 > 192.168.1.1: (frag 9266:84@1456) [tos 0x8] 
> 09:31:38.582266 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa2) (frag 9268:1456@0+) [tos 0x8] 
> 09:31:38.582364 192.168.1.2 > 192.168.1.1: (frag 9268:84@1456) [tos 0x8] 
> 09:31:38.583021 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x90)
> 09:31:38.583156 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x91)
> 09:31:38.584578 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x92)
> 09:31:38.584722 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x93)
> 
> 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011018193637H.sakane>