bugzilla-daemon at bugzilla.netfilter.org
2012-Sep-02 10:46 UTC
[Bug 801] New: Bridge dropping Ipsec fragmented packets
bugzilla.netfilter.org/show_bug.cgi?id=801

           Summary: Bridge dropping Ipsec fragmented packets
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: x86_64
        OS/Version: Ubuntu
            Status: NEW
          Severity: major
          Priority: P5
         Component: nf_conntrack
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: saurabh.princesam at gmail.com
   Estimated Hours: 0.0

Hi Team,

Scenario: I am using a squid proxy in inception (ebtables/iptables rules are used) mode for my small network.

Problem: Whenever someone tries to connect to a Cisco VPN over the bridge, the authentication process goes through smoothly, but after that the status bar reads "Negotiation security polices......." and after like 30 sec. the VPN disconnects. When I bypass the bridging box, the connection goes through smoothly without any issues.

I have checked that no iptables or ebtables rules are applied. I tried changing the MTUs, but no go. I am not sure what this issue is regarding.

Further to the MTU changes, I took a tcpdump of both my bridge interfaces. I noticed that the IPsec IP fragmented packets coming in on the WAN port are getting dropped. Similar to this post:

lkml.indiana.edu/hypermail/linux/kernel/0604.0/0229.html

I also checked that the patch which is given there is also applied in my current kernel version (2.6.38.12). I also updated the IGB drivers.

If any of you guys can suggest something, I would be highly obliged. I am up for any coding changes that are required. If any of you guys need any kind of logs or anything else to debug further, kindly let me know.

Looking forward to your reply.

Warm Regards
S