| View previous topic :: View next topic |
| Author |
Message |
makenoob
Apprentice
Joined: 19 Aug 2004
Posts: 272
Location: /Germany/Düsseldorf
|
 Posted: Sun Nov 16, 2008 4:57 pm Post subject: ssh connection won't establish |
 |
|
hello,
if i want to connect via ssh to another host over a IPSEC-tunnel, it won't connect, however, the packages are arriving. maybe someone can look on the tcpdump output and shed some light on this:
| Code: | ~ $ sudo tcpdump -enttti eth0 host 192.168.83.204
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
000000 00:0e:0c:d7:d1:d1 > 00:00:24:c7:a2:1c, ethertype IPv4 (0x0800), length 74: 192.168.75.30.43847 > 192.168.83.204.22: S 2412058460:2412058460(0) win 5840 <mss 1460,sackOK,timestamp 1841180 0,nop,wscale 7>
019210 00:00:24:c7:a2:1c > 00:0e:0c:d7:d1:d1, ethertype IPv4 (0x0800), length 78: 192.168.83.204.22 > 192.168.75.30.43847: S 1380202761:1380202761(0) ack 2412058461 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 90872990 1841180>
000015 00:0e:0c:d7:d1:d1 > 00:00:24:c7:a2:1c, ethertype IPv4 (0x0800), length 66: 192.168.75.30.43847 > 192.168.83.204.22: . ack 1 win 46 <nop,nop,timestamp 1841182 90872990>
041418 00:00:24:c7:a2:1c > 00:0e:0c:d7:d1:d1, ethertype IPv4 (0x0800), length 87: 192.168.83.204.22 > 192.168.75.30.43847: P 1:22(21) ack 1 win 17376 <nop,nop,timestamp 90872990 1841182>
000011 00:0e:0c:d7:d1:d1 > 00:00:24:c7:a2:1c, ethertype IPv4 (0x0800), length 66: 192.168.75.30.43847 > 192.168.83.204.22: . ack 22 win 46 <nop,nop,timestamp 1841186 90872990>
000082 00:0e:0c:d7:d1:d1 > 00:00:24:c7:a2:1c, ethertype IPv4 (0x0800), length 87: 192.168.75.30.43847 > 192.168.83.204.22: P 1:22(21) ack 22 win 46 <nop,nop,timestamp 1841186 90872990>
330972 00:0e:0c:d7:d1:d1 > 00:00:24:c7:a2:1c, ethertype IPv4 (0x0800), length 87: 192.168.75.30.43847 > 192.168.83.204.22: P 1:22(21) ack 22 win 46 <nop,nop,timestamp 1841220 90872990>
018239 00:00:24:c7:a2:1c > 00:0e:0c:d7:d1:d1, ethertype IPv4 (0x0800), length 66: 192.168.83.204.22 > 192.168.75.30.43847: . ack 22 win 17376 <nop,nop,timestamp 90872991 1841220>
000010 00:0e:0c:d7:d1:d1 > 00:00:24:c7:a2:1c, ethertype IPv4 (0x0800), length 858: 192.168.75.30.43847 > 192.168.83.204.22: P 22:814(792) ack 22 win 46 <nop,nop,timestamp 1841221 90872990>
214905 00:00:24:c7:a2:1c > 00:0e:0c:d7:d1:d1, ethertype IPv4 (0x0800), length 66: 192.168.83.204.22 > 192.168.75.30.43847: . ack 814 win 17376 <nop,nop,timestamp 90872991 1841221>
|
the ip on my end is 192.168.75.30 and 192.168.83.204 on the other end. DNS-requests and ICMP-pings go through.
here's my ifconfig output:
| Code: | ~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0e:0c:d7:d1:d1
inet addr:192.168.75.30 Bcast:192.168.75.255 Mask:255.255.255.0
inet6 addr: fe80::20e:cff:fed7:d1d1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:166054 errors:0 dropped:0 overruns:0 frame:0
TX packets:95383 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:236713724 (225.7 MiB) TX bytes:6876809 (6.5 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:262 errors:0 dropped:0 overruns:0 frame:0
TX packets:262 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:43264 (42.2 KiB) TX bytes:43264 (42.2 KiB)
|
my /etc/conf.d/net: | Code: | config_eth0=( "192.168.75.30/24" )
routes_eth0=(
"default via 192.168.75.20" # IPv4 default route
)
|
as you can see, the packages are going through and coming back but no connection is established, neither to a xBSD-host or a linux-host on the other end.
any ideas, anyone? |
|
| Back to top |
|
 |
makenoob
Apprentice
Joined: 19 Aug 2004
Posts: 272
Location: /Germany/Düsseldorf
|
| Posted: Tue Nov 18, 2008 1:48 pm Post subject: |
|
|
noone any idea?
*pushing* |
|
| Back to top |
|
|
vaguy02
Guru
Joined: 25 Feb 2005
Posts: 424
Location: Hopefully in one place
|
| Posted: Wed Nov 19, 2008 9:05 pm Post subject: |
|
|
Are you sure that the connection isn't being refused because of a rule on the router between 75 and 83 subnets?
_________________
Linux Registered User #458185
Intel Quad-Core w/ 4gigs Ram w/ 8800 GTX - Windows 7 RC
2x (Intel Dual-Core w/ 2gigs Ram - Gentoo)
Mac G5 Dual-Core w/ 2gigs Ram - OS 10.5 |
|
| Back to top |
|
|
makenoob
Apprentice
Joined: 19 Aug 2004
Posts: 272
Location: /Germany/Düsseldorf
|
| Posted: Thu Nov 20, 2008 11:13 am Post subject: |
|
|
the output of tcpdump is from the NIC of my gentoo box, so the packets are passing both IPSEC-ends. it works, when i use a *BSD-host to initiate the connection, but not with gentoo.  |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
