On Thu, Jan 26, 2006 at 12:09:15PM -0700, Bob DeBolt wrote:
> Greets
>
> OpenBSD 3.8 stable
>
> Cable connection to remote town
>
> Normal internal network IPs are DT 192.168.10/24, Remote 192.168.8/24
>
> When pinging an endpoint from one end of an IPSec tunnel to the other,
> occasionally the ping returns with one of the 10.X.X.X IPs of a router along
> the path. The router IP shows up on traceroute and is more often than not the
> same one, last hop before the firewall. We see this happening when receiving
> a complaint from the small town users about not being able to login to the DT
> servers. After what is usually a brief period, they login and the pings
> return to normal. This can roll along for weeks without issue, (other than
> high latency issues), then a few days in a row this happens.
>
> As one would expect the cable company, when queried about this, never has any
> problems with their equipment. DSL is not available where they are at.
>
> Main question is this, why does the 10.x.x.x address come back to us instead
> of timing out??

I sure hope you are not pinging across the VPN, as getting a 10.x.x.x
'pong' response would not be a very good sign in that case (indicative
of the 10.x.x.x somehow getting a hold of your traffic - either a rather
skilled hacker with your keys, your TLA of choice, or a rather bad
misconfiguration on your part).

Looks like some issue - possibly routing, possibly another
misconfiguration, possibly broken hard- or software - with the router;
have you taken this up with whoever takes care of it?

There are a few routing daemons in OpenBSD; if alternative networking
paths exist, you might want to investigate them. OpenBGP might be
especially useful, if you are big enough.

Joachim