|
Home > Archive > VPN > January 2007 > Asymmetric ping mystery, using GreenBow/Linksys VPN
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Asymmetric ping mystery, using GreenBow/Linksys VPN
|
|
|
| Network schematic:
Client PC with GreenBow VPN<==Internet==>Linksys BEFSX41 VPN router<--
Home LAN-->Server PC
The IPSec VPN tunnel opens as expected between the client PC and the
Linksys router, both set according to GreenBow's instructions (http://
www.thegreenbow.fr/doc/tgbvpn_cg_LinksysBEFVP41_en.pdf). By the way,
kudos to GreenBow for creating a useful product and relatively simple
documentation, compared to the intractably complex documentation for
client PCs offered by Linksys.
The problem is that, with the VPN tunnel open, the client PC cannot
ping the server PC. However, it can access data on the server using
Windows file sharing, and it can ping other nodes (not PCs) on the
home LAN. It just can't ping the server.
And it gets stranger. With the VPN tunnel still open, I tried pinging
the client from the server (reversed direction). That ping went
through normally. Then I went back and tried pinging the server from
the client (forward direction again). Now that ping goes through
normally! Once the server pings that client, it can respond to client
pings, but not before. (Perhaps it believes clients should speak only
when spoken to? :-)
I have checked the server for firewalls, and all that I can see are
disabled.
I used Wireshark (formerly Ethereal) on the server to observe what
packets it sees. Sure enough, the trace (below) shows incoming pings
from the client arriving but not getting a response. Then it shows
outgoing pings to the client getting a response. Then it shows the
second series of incoming pings from the client getting a response.
Can anybody offer an explanation and fix for this strange behavior?
Some particulars:
Both PCs running up-to-date Windows XP
GreenBow VPN client version 4.00.006
Linksys BEFSX41 firmware Version: 1.52.10
Home LAN using private IP subnet 192.168.15.X
Wireshark trace (captured at server):
[Client pings server, which fails to reply.]
No. Time Source Destination
Protocol Info
1 0.000000 70.7.23.12 192.168.15.99
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
2 5.386446 70.7.23.12 192.168.15.99
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
3 10.905974 70.7.23.12 192.168.15.99
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
4 16.399834 70.7.23.12 192.168.15.99
ICMP Echo (ping) request
[Server pings client, and receives replies.]
No. Time Source Destination
Protocol Info
5 43.297308 192.168.15.99 70.7.23.12
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
6 43.600466 70.7.23.12 192.168.15.99
ICMP Echo (ping) reply
No. Time Source Destination
Protocol Info
7 44.297382 192.168.15.99 70.7.23.12
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
8 44.452911 70.7.23.12 192.168.15.99
ICMP Echo (ping) reply
No. Time Source Destination
Protocol Info
9 45.298523 192.168.15.99 70.7.23.12
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
10 45.465780 70.7.23.12 192.168.15.99
ICMP Echo (ping) reply
No. Time Source Destination
Protocol Info
11 46.299288 192.168.15.99 70.7.23.12
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
12 46.479116 70.7.23.12 192.168.15.99
ICMP Echo (ping) reply
[Client pings server, which now replies.]
No. Time Source Destination
Protocol Info
13 52.265711 70.7.23.12 192.168.15.99
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
14 52.265796 192.168.15.99 70.7.23.12
ICMP Echo (ping) reply
No. Time Source Destination
Protocol Info
15 53.279077 70.7.23.12 192.168.15.99
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
16 53.279159 192.168.15.99 70.7.23.12
ICMP Echo (ping) reply
No. Time Source Destination
Protocol Info
17 54.265521 70.7.23.12 192.168.15.99
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
18 54.265606 192.168.15.99 70.7.23.12
ICMP Echo (ping) reply
No. Time Source Destination
Protocol Info
19 55.278624 70.7.23.12 192.168.15.99
ICMP Echo (ping) request
No. Time Source Destination
Protocol Info
20 55.278706 192.168.15.99 70.7.23.12
ICMP Echo (ping) reply
|
|
|
|
|