[ previous ] [ next ] [ threads ]
 
 From:  Paul underscore Kiely at Monitor dot com
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPSEC fragmentation
 Date:  Tue, 10 Oct 2006 10:58:47 -0400
Hello list,

I have a Soekris 4501 running m0n0wall version 1.22

I have an application that traverses the m0n0wall over an IPSEC tunnel. 
The application, which utilzes UDP port 5093, fails at a certain point.  A 
quick check of syslog reveals the following series of blocked segments:

Oct 10 10:26:20 cam-wir ipmon[83]: 10:26:20.260583 sis1 @100:2 b 
192.168.6.89 -> a.b.c.d PR udp len 20 (40) (frag 3227:20@1480) K-S IN
Oct 10 10:26:28 cam-wir ipmon[83]: 10:26:28.266672 sis1 @100:2 b 
192.168.6.89 -> a.b.c.d PR udp len 20 (40) (frag 3228:20@1480) K-S IN
Oct 10 10:26:38 cam-wir ipmon[83]: 10:26:38.262015 sis1 @100:2 b 
192.168.6.89 -> a.b.c.d PR udp len 20 (40) (frag 3229:20@1480) K-S IN

Rule 100:2 is the following:

@2 pass in log first quick from 192.168.6.0/24 to any keep state group 100

Does anyone know what may be causing this or how I can fix it?  I enabled 
"Allow fragmented IPsec packets" under the Advanced section but that has 
not fixed the problem.

Thanks.

-Paul



-----------------------------------
This message contains information that may be confidential and proprietary. Unless you are the
intended recipient (or authorized to receive this message for the intended recipient), you may not
use, copy, disseminate or disclose to anyone the message or any information contained in the
message. If you have received the message in error, please advise the sender by reply e-mail, and
delete the message immediately. Thank you very much.