Hi, I moved from racoon to strongSwan 5.9.2_2
and I have a site-to-site IPsec VPN connection between my two locations.
After moving to strongSwan I encountered a printing problem. For example: when I send 4 documents over IPsec to a network printer, some of them print successfully and the others fail with this error.
The printer prints this:
Code:
SPL ERROR - Incomplete Session by time out
POSITION: 0xe45d (13470)
SYSTEM : h6fwsim/os_hook
LINE : 1591
VERSION : SPL 5.98 07-24-2014
ERROR CODE : 11-1112
When I used racoon there was no problem.
Then I did some debugging using tcpdump:
Code:
tcpdump -i enc0 port 9100 or 515 or 161 -n -vvv
The command returned "bad cksum" on every packet, like this:
(11.11 is the PC, 22.225 is the network printer)
Code:
tcpdump: listening on enc0, link-type ENC (OpenBSD encapsulated IP), capture size 262144 bytes
15:04:26.313992 (authentic,confidential): SPI 0x07e929da: IP (tos 0x0, ttl 127, id 26351, offset 0, flags [none], proto UDP (17), length 107, bad cksum 400 (->500)!)
192.168.11.11.61678 > 192.168.22.225.snmp: [udp sum ok] { SNMPv1 { GetRequest(64) R=8252429 25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1 } }
15:04:26.314079 (authentic,confidential): SPI 0x07e929da: IP (tos 0x0, ttl 127, id 26352, offset 0, flags [DF], proto UDP (17), length 107, bad cksum c3fe (->c4fe)!)
192.168.11.11.61678 > 192.168.22.225.snmp: [udp sum ok] { SNMPv1 { GetRequest(64) R=8252430 25.3.2.1.5.1 25.3.5.1.1.1 25.3.5.1.2.1 } }
I also tried an ICMP request from the PC to the printer; the result is the same again: "bad cksum".
After that I set up WireGuard between my locations and no problem occurred.
I can't set up wg at some of my locations due to unsupported devices,
and I can't return to racoon again.
Thanks for any help.
Here is my swanctl conf:
Code:
connections {
    2000 {
        fragmentation = yes
        unique = replace
        version = 1
        aggressive = no
        proposals = des-md5-modp768
        dpd_delay = 10s
        dpd_timeout = 60s
        reauth_time = 25920s
        over_time = 2880s
        rand_time = 2880s
        encap = no
        mobike = no
        remote_addrs = 222.222.222.222
        local {
            id = 111.111.111.111
            auth = psk
        }
        remote {
            id = 222.222.222.222
            auth = psk
        }
        children {
            2001 {
                close_action = start
                dpd_action = restart
                mode = tunnel
                policies = yes
                life_time = 28800s
                rekey_time = 25920s
                rand_time = 2880s
                start_action = trap
                local_ts = 192.168.11.0/24
                remote_ts = 192.168.22.0/24
                esp_proposals = des-md5-modp768
            }
        }
    }
}
secrets {
    ike-0 {
        secret = xxxxx
        id-0 = %any
        id-1 = 111.111.111.111
    }
    ike-1 {
        secret = xxxxx
        id-0 = %any
        id-1 = 222.222.222.222
    }
}
# INTERFACE CONFIGURATIONS
Code:
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: enc
#WAN
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
        ether asdasd
        hwaddr asdasd
        inet asdasd netmask 0xfffffffc broadcast asdasd
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
#LAN
igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
        ether asdasd
        hwaddr asdasd
        inet 192.168.11.1 netmask 0xffffff00 broadcast 192.168.11.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
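
Added example, not part of the original post: a check of the two "bad cksum" lines from the tcpdump capture above, testing whether the checksum found in each IPv4 header and the one tcpdump expects differ by exactly what a single TTL decrement would account for under the RFC 1624 incremental-update rule. The function names are this example's own, and the single-decrement hypothesis is an assumption the code tests, not something the post states.

```python
import re

# The two IP header lines copied from the capture in the post above.
CAPTURE = """\
15:04:26.313992 (authentic,confidential): SPI 0x07e929da: IP (tos 0x0, ttl 127, id 26351, offset 0, flags [none], proto UDP (17), length 107, bad cksum 400 (->500)!)
15:04:26.314079 (authentic,confidential): SPI 0x07e929da: IP (tos 0x0, ttl 127, id 26352, offset 0, flags [DF], proto UDP (17), length 107, bad cksum c3fe (->c4fe)!)
"""

LINE_RE = re.compile(
    r"ttl (?P<ttl>\d+), id (?P<id>\d+),.*?proto \w+ \((?P<proto>\d+)\),"
    r".*?bad cksum (?P<seen>[0-9a-f]+) \(->(?P<want>[0-9a-f]+)\)"
)

def fold(x):
    """Fold carries back in (16-bit one's-complement addition)."""
    while x >> 16:
        x = (x & 0xFFFF) + (x >> 16)
    return x

def incremental_update(old_cksum, old_word, new_word):
    """RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m') for one changed 16-bit word."""
    s = fold((~old_cksum & 0xFFFF) + (~old_word & 0xFFFF) + new_word)
    return ~s & 0xFFFF

def explain_bad_cksums(text):
    """For each 'bad cksum' line, test whether one TTL decrement
    (ttl+1 -> ttl) without a checksum update explains the mismatch.
    Returns (ip_id, checksum_in_header, checksum_expected, explained)."""
    results = []
    for m in LINE_RE.finditer(text):
        ttl, proto = int(m["ttl"]), int(m["proto"])
        seen, want = int(m["seen"], 16), int(m["want"], 16)
        # TTL and protocol share one 16-bit header word: (ttl << 8) | proto.
        before = ((ttl + 1) << 8) | proto   # assumed value before forwarding
        after = (ttl << 8) | proto          # value tcpdump saw on enc0
        fixed = incremental_update(seen, before, after)
        results.append((int(m["id"]), seen, want, fixed == want))
    return results

if __name__ == "__main__":
    for pkt_id, seen, want, ttl_only in explain_bad_cksums(CAPTURE):
        print(f"id {pkt_id}: header has {seen:#06x}, tcpdump wants {want:#06x}, "
              f"explained by one TTL decrement: {ttl_only}")
```

A `True` result says only that the header checksum lags one TTL decrement at the point where enc0 is captured; it does not by itself account for the printer timeouts.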