Re: VPN Routing issues from local IP to Big Internet IPs

"Ivan Pintori" <ivan@xxxxxxxxxx> · Thu, 04 Nov 2004 16:28:02 +0100

Ivan Pintori writes: 

Maybe the problem lies on the other side. Nope. I tcpdumped ppp0, and I 
get the ping back from the Big Internet host. So the packet goes out and 
comes back correctly, it just does not get "fowarded" on to the 
application level so that the ping program can register it.

Just to give you an idea of what I see with tcpdump, here it comes: 

[root@hoshimaru root]# ping -I ppp0 151.1.1.1

[root@hoshimaru root]# tcpdump -i ppp0

tcpdump: listening on ppp0

16:18:26.387006 172.16.XX.YY > 151.1.1.1: icmp: echo request (DF)

16:18:26.740705 151.1.1.1 > 172.16.XX.YY: icmp: echo reply (DF)

16:18:27.386941 172.16.XX.YY > 151.1.1.1: icmp: echo request (DF)

16:18:27.740039 151.1.1.1 > 172.16.XX.YY: icmp: echo reply (DF)

16:18:28.387023 172.16.XX.YY > 151.1.1.1: icmp: echo request (DF)

16:18:28.755338 151.1.1.1 > 172.16.XX.YY: icmp: echo reply (DF)

16:18:29.386988 172.16.XX.YY > 151.1.1.1: icmp: echo request (DF)

16:18:29.743806 151.1.1.1 > 172.16.XX.YY: icmp: echo reply (DF)

16:18:30.386977 172.16.XX.YY > 151.1.1.1: icmp: echo request (DF)

16:18:30.741172 151.1.1.1 > 172.16.XX.YY: icmp: echo reply (DF) 

And here a traceroute:

[root@hoshimaru root]# traceroute -i ppp0 151.1.1.1

traceroute to 151.1.1.1 (151.1.1.1), 30 hops max, 38 byte packets

1  172.16.0.1 (172.16.0.1)  165.423 ms  166.358 ms  164.800 ms

2  * * *

3  * * *

[etc] 

16:18:45.176421 172.16.XX.YY.34520 > 151.1.1.1.33435: udp 10 [ttl 1]

16:18:45.341516 172.16.0.1 > 172.16.XX.YY: icmp: time exceeded in-transit 
[tos 0xc0]

16:18:45.344151 172.16.XX.YY.34520 > 151.1.1.1.33436: udp 10 [ttl 1]

16:18:45.510231 172.16.0.1 > 172.16.XX.YY: icmp: time exceeded in-transit 
[tos 0xc0]

16:18:45.510560 172.16.XX.YY.34520 > 151.1.1.1.33437: udp 10 [ttl 1]

16:18:45.675086 172.16.0.1 > 172.16.XX.YY: icmp: time exceeded in-transit 
[tos 0xc0]

16:18:45.675423 172.16.XX.YY.34520 > 151.1.1.1.33438: udp 10

16:18:45.842148 SECONDHOP > 172.16.XX.YY: icmp: time exceeded in-transit

16:18:50.667262 172.16.XX.YY.34520 > 151.1.1.1.33439: udp 10

16:18:50.831541 SECONDHOP > 172.16.XX.YY: icmp: time exceeded in-transit

16:18:55.667351 172.16.XX.YY.34520 > 151.1.1.1.33440: udp 10

16:18:55.835469 SECONDHOP > 172.16.XX.YY: icmp: time exceeded in-transit

16:19:00.667955 172.16.XX.YY.34520 > 151.1.1.1.33441: udp 10

16:19:00.833257 THIRDHOP > 172.16.XX.YY: icmp: time exceeded in-transit

16:19:05.667458 172.16.XX.YY.34520 > 151.1.1.1.33442: udp 10

16:19:05.833473 THIRDHOP > 172.16.XX.YY: icmp: time exceeded in-transit

16:19:10.667546 172.16.XX.YY.34520 > 151.1.1.1.33443: udp 10

16:19:10.834686 THIRDHOP > 172.16.XX.YY: icmp: time exceeded in-transit

16:19:15.667676 172.16.XX.YY.34520 > 151.1.1.1.33444: udp 10

16:19:15.852906 FORTHHOP > 172.16.XX.YY: icmp: time exceeded in-transit

16:19:20.667643 172.16.XX.YY.34520 > 151.1.1.1.33445: udp 10

16:19:20.855853 FORTHHOP > 172.16.XX.YY: icmp: time exceeded in-transit

16:19:25.667731 172.16.XX.YY.34520 > 151.1.1.1.33446: udp 10

16:19:26.037855 FORTHHOP > 172.16.XX.YY: icmp: time exceeded in-transit 

Now you see why I am so puzzled? The packet goes out with the correct IP and 
comes back to the right IP. Too back that traceroute and ping just time out, 
and so every other application! 

ivan
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: VPN Routing issues from local IP to Big Internet IPs

Linux Advanced Routing and Traffic Control