On 11/21/2013 1:53 PM, Axel Zöllich wrote:
> the establishment of an openvpn link sometimes fails.
>
> I tracked it down to network traffic with wrong Sourceport in the answer
> packet (should be 1300 not 1024):
> 2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300
> 3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300
>
> and a collateral entry in the connection tracking table (out of shorewall
> dump):
>
> Conntrack Table (1512 out of 65536)
> [...]
> udp 17 22 src=212.117.77.218 dst=62.155.185.165 sport=1300 dport=1300 [UNREPLIED] src=62.155.185.165 dst=80.152.162.192 sport=1300 dport=1024 mark=0 use=2
> udp 17 172 src=62.155.185.165 dst=80.152.162.192 sport=1300 dport=1300 src=80.152.162.192 dst=62.155.185.165 sport=1300 dport=1300 [ASSURED] mark=256 use=2
> [...]
>
> How can I get rid of the additional entry when the openvpn tunnel is renewed?

Use the 'conntrack' utility.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
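
The reply above names the tool without a command. As an added example (not from the thread or the Shorewall project), this dry-run script scans `conntrack -L` style lines for the symptom in the question, a UDP entry on port 1300 that is `[UNREPLIED]` and whose reply tuple carries a different destination port, and prints the `conntrack -D` command that would remove it. The function names are made up for the example, and the embedded sample is constructed from the two entries quoted in the question.

```shell
#!/bin/sh
# Added example: dry run only. Prints 'conntrack -D' commands, deletes nothing.

# Constructed sample: the two entries quoted in the question, one per line.
sample_table() {
cat <<'EOF'
udp 17 22 src=212.117.77.218 dst=62.155.185.165 sport=1300 dport=1300 [UNREPLIED] src=62.155.185.165 dst=80.152.162.192 sport=1300 dport=1024 mark=0 use=2
udp 17 172 src=62.155.185.165 dst=80.152.162.192 sport=1300 dport=1300 src=80.152.162.192 dst=62.155.185.165 sport=1300 dport=1300 [ASSURED] mark=256 use=2
EOF
}

# stale_delete_cmds PORT
# Reads conntrack entries on stdin. For every UDP entry that is [UNREPLIED],
# uses PORT as source and destination port in the original direction, and has
# a reply-direction dport other than PORT, prints one delete command.
stale_delete_cmds() {
    awk -v port="$1" '
    $1 == "udp" && /\[UNREPLIED\]/ {
        n = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src") n++    # 1st src = original tuple, 2nd = reply
            if (kv[1] ~ /^(src|dst|sport|dport)$/) f[kv[1], n] = kv[2]
        }
        if (n == 2 && f["sport", 1] == port && f["dport", 1] == port &&
            f["dport", 2] != port)
            printf "conntrack -D -p udp --orig-src %s --orig-dst %s --sport %s --dport %s --reply-port-dst %s\n",
                   f["src", 1], f["dst", 1], f["sport", 1], f["dport", 1],
                   f["dport", 2]
    }'
}

# Show the command for the sample table; the [ASSURED] tunnel entry is skipped.
sample_table | stale_delete_cmds 1300
```

On a live firewall, feed it real data with `conntrack -L -p udp | stale_delete_cmds 1300`, review the printed command, and run it as root.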
