Re: [EXTERNAL] Re: What throughput is reasonable?

On Mon, 2019-04-08 at 21:42 +0000, Phillips, Tony wrote:
> Hrrrm…  No dice here.
> 
> Summary:   Getting some RNETLINK barking and "policy FAIL" on the
> server side, but ESP connection does seem to connect.
> 
> But no traffic flowing through it.   The "clients" tun0 interface
> does show OUTPUT packets, but nothing seems to be coming back from
> the other end?
> 
> See detailed output from both sides below -- I've probably missed
> something.

Make sure neither side has a firewall blocking UDP packets. Do a
tcpdump on the public interface at both ends, as each tries to ping the
other. Capture those UDP frames, tell wireshark how to decode them (you
have the keys).

If the "server" end isn't receiving packets... are you sure you're
running esplisten.pl?

Note you can also run the script at both ends and have kernel to kernel
ESP, before you reset the client end and try OpenConnect instead.

Another random thought... are you sure the proprietary client was
actually using ESP in the first place? If it was communicating over the
TCP connection using a modern version of TLS and an AEAD cipher it
could well have been going a lot faster than ESP ever will when limited
to AES-CBC.


_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
