From: Frank W. <Fra...@ct...> - 2006-05-16 12:41:40
> Did you try your luck with the Openswan folks? We just use their stock
> patch without any modifications.

I DID try with them, and below is what Paul Wouters said.

I didn't try anything yet, but on discussing it over with the remote admin, it appears that the crashing servers are all win2k3 without SP1. Those with SP1 don't crash. Unfortunately most of these servers belong to Citrix farms, and there seems to be some issue upgrading them to SP1.

For the moment we're back to the old version (firewall/*swan), but probably not for too long.

Anyway, it's hard to believe we're in the third millennium, and people buy expensive operating system software that can be crashed just by sending them a single (totally valid) IP packet :-P

Thanks a lot

Frank

------------8<-----------

> I have an extremely weird problem with IPsec tunnels in Devil-Linux:
>
> I have two sites that are linked LAN-2-LAN by an IPSec tunnel that runs on
> dedicated Linux firewalls.
>
> I have upgraded the two firewalls from gibraltar
> to Devil-Linux-1.2.9 (Gibraltar had Freeswan 2.0.4, DL has Openswan 2.4.4)
>
> When I try to establish a TCP connection to any windows server (2k, 2k3), the
> server restarts immediately (bluescreen, complaining about TCPIP.SYS error,
> and reboots).

wow. that's pretty bad. Are those machines running with all service packs and updates installed?

> The crashing can be triggered either by normal windows clients trying to
> connect to the server, or by a linux client that does 'telnet x.y.z.t 25' to
> the server.

Obviously, those servers are in need of fixing, but perhaps as a work around you can set the mtu on both openswan servers to 1440 or 1400? My guess is it would be related to mtu/packetsize/df-bit issues.

Paul