[Bug 801] New: Bridge dropping Ipsec fragmented packets
bugzilla-daemon at bugzilla.netfilter.org
Sun Sep 2 12:46:14 CEST 2012
http://bugzilla.netfilter.org/show_bug.cgi?id=801
Summary: Bridge dropping Ipsec fragmented packets
Product: netfilter/iptables
Version: linux-2.6.x
Platform: x86_64
OS/Version: Ubuntu
Status: NEW
Severity: major
Priority: P5
Component: nf_conntrack
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: saurabh.princesam at gmail.com
Estimated Hours: 0.0
Hi Team,
Scenario:
I am using a squid proxy in inception (ebtables/iptables rules are used) mode
for my small network.
Problem:
Whenever someone tries to connect to a Cisco VPN over the bridge, the authentication
process goes through smoothly, but after that the status bar reads "Negotiation
security polices......." and after like 30 sec. the VPN disconnects.
When I bypass the bridging box the connection goes through smoothly without any
issues. I have checked that no IPTABLES OR EBTABLES rules are applied.
I tried changing the MTUs but no go. I am not sure what this issue is
regarding.
Further to the MTU changes, I took a tcpdump of both my bridge interfaces. I noticed
that the IPsec IP fragmented packets coming in on the WAN port are getting
dropped, similar to this post:
http://lkml.indiana.edu/hypermail/linux/kernel/0604.0/0229.html
I also checked that the patch which is given here is also applied in my current
kernel version (2.6.38.12). I also updated the IGB drivers.
If any of you guys can suggest something to me I would be highly obliged. I am up
for some coding changes that are required.
If any of you guys need any kind of logs or something to debug further kindly
let me know.
Looking forward to your reply.
Warm Regards
S