[Oisf-users] IPSec handshake and AF-Packet

Leonard Jacobs ljacobs at netsecuris.com
Thu Nov 26 00:03:28 UTC 2015


Well, here is what we have discovered so far. There appears to be an incompatibility between SonicWALL's Global VPN Client version 4.9.4.0305 or higher. Possibly version 4.9.0 too, but we have not tested that version yet. We know for sure that version 4.2.6.0305 works fine.

The symptom is that IKE Phase 1 does not complete when IPSec VPN handshake traffic passes through the IPS set to AF-packet mode. We have not tested NFQUEUE mode.

SonicWALL obviously changed something in their Global VPN Client software.

Thanks.

Leonard

-----Original Message-----
From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Victor Julien
Sent: Wednesday, November 25, 2015 7:07 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] IPSec handshake and AF-Packet

On 25-11-15 13:56, Leonard Jacobs wrote:
> Experiencing IPSec handshake being stopped in AF-Packet mode. Setting
> defrag to no seems to help and connection is established but sometimes
> seems to have latency. Sometimes connection is just stopped. If
> connection is already established when Suricata is started then
> connection stays established. What could be causing this issue?

When reporting issues like this it's helpful if you can add more details, pcaps, log messages, anything.

--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
