[Oisf-users] AF-Packet and VPN
elof2 at sentor.se
Tue Mar 8 16:45:26 UTC 2016
On Sun, 20 Dec 2015, Leonard Jacobs wrote:
> Is there anything in AF-Packet that could possibly be causing VPN IKE phase to not complete? This issue appears to only be happening on client to firewall VPN. Firewall to firewall VPN seems to work ok.
Replying to an *old* message here. :-)
Many++ years ago I had VPN problems because I forgot to block the sniffed
packets after capturing them on my sniffer machine. Therefore, the packets
continued all the way up to the TCP/IP stack, and since I had forwarding
enabled, the sniffed packets were also routed out. :-)
Anyhow, some of these sniffed packets were IPSEC negotiation-packets from
a VPN-node to another.
When the packets got replayed, the IPSEC state got confused (or some
security mechanism took effect), effectively tearing down the VPN.
Doh! :-)
Now I never forget to put my sniffing nics in 'monitor' mode (drop
packet directly after the BPF layer) on my FreeBSD boxes. :-)
/Elof