Salut,
I have another problem with IPsec (using isakmpd). I used almost the example
config, but depending on the target, I get packet loss in different amounts:
* 10.16.1.131 to 10.1.2.9, for example, always stalls when trying to fetch
web sites via https
* 10.16.1.131 to 10.1.4.111 works well though, however, SSH connections
tend to stand still after a couple of minutes, and get reset
* 10.16.1.131 to 10.1.2.4 gives me sudden hangs when creating a lot of
traffic
Any idea what setting might cause this? When pinging through the VPN, I
get the following statistics:
10000 packets transmitted, 9967 packets received, 0% packet loss
round-trip min/avg/max/stddev = 20.135/24.896/176.564/11.385 ms
This doesn't seem very lossy, but it is actually enough to let some TCP
connections stall, it seems.
Looking at the logs, I used to see the following in pre-4.0 OpenBSD
versions:
Nov 13 14:53:46 rtsyg01 isakmpd[1447]: message_recv: invalid cookie(s) 5ca7897d133e5c6e 5edcdaaa3ed541a9
Nov 13 14:53:46 rtsyg01 isakmpd[1447]: dropped message from 213.189.149.229 port 500 due to notification type INVALID_COOKIE
But it seems that these messages disappeared as well. Now, there is no note
in the logs as to why the packet loss occurs at all.
Ideas?
Tonnerre