larryka at gmail
Nov 25, 2009, 5:12 PM
Post #1 of 1
(893 views)
Permalink
|
|
vpnc 0.5.3 on Windows 7 not seeing inbound ESP packets
|
|
Hi,
I compiled vpnc 0.5.3 using cygwin on Windows 7. I have the OpenVPN
TAP-Win32 V9 driver installed as well. I can connect to my Cisco PIX and
obtain an IP address, setup routes, etc. properly without using NAT-T. When
I try to reach a machine on the remote network via a ping, I see outbound
ESP packets sent to the PIX and the appropriate packets hitting the remote
machine's interface (i.e. ICMP packets as monitored with tcpdump). However,
the replies from the remote machine are not making it back to my local
Windows 7 machine.
I have monitored my local connecting NIC with Wireshark and I see the
expected ESP packets hitting my local Windows 7 machine, but based on some
debug I added to tunip.c, it looks like vpnc is never seeing the packets
waiting on the esp_fd. The debug output below is never printed in my vpnc
console while running at debug 3 or higher:
if (FD_ISSET(s->esp_fd, &refds) ) {
DEBUG(1,printf("LWK: Received something on esp_fd...\n"));
process_socket(s);
}
I do occasionally see the debug output from this block of code:
if (s->ike_fd != s->esp_fd && FD_ISSET(s->ike_fd, &refds) ) {
DEBUG(3,printf("received something on ike fd..\n"));
len = recv(s->ike_fd, global_buffer_tx, MAX_HEADER + MAX_PACKET,
0);
process_late_ike(s, global_buffer_tx, len);
}
I have tried allowing ESP (protocol 50) inbound from anywhere in the Windows
Firewall, as well as disabling it all together, without a change in
behavior.
Any thoughts? I apologize if this issue has already been discussed on the
list, but I wasn't able to find something similar while searching the list
via Google.
Thanks,
Lawrence
|
