Asymmetric ping mystery, using GreenBow/Linksys VPN

Web Server Talk > WebserverTalk Community > VPN > Asymmetric ping mystery, using GreenBow/Linksys VPN
Last Thread Next Thread Next
Asymmetric ping mystery, using GreenBow/Linksys VPN
Larry
01-30-07 12:14 AM
Network schematic:

Client PC with GreenBow VPN<==Internet==>Linksys BEFSX41 VPN router<--
Home LAN-->Server PC


The IPSec VPN tunnel opens as expected between the client PC and the
Linksys router, both set according to GreenBow's instructions (http://
www.thegreenbow.fr/doc/tgbvpn_cg_LinksysBEFVP41_en.pdf).  By the way,
kudos to GreenBow for creating a useful product and relatively simple
documentation, compared to the intractably complex documentation for
client PCs offered by Linksys.

The problem is that, with the VPN tunnel open, the client PC cannot
ping the server PC.  However, it can access data on the server using
Windows file sharing, and it can ping other nodes (not PCs) on the
home LAN.  It just can't ping the server.

And it gets stranger.  With the VPN tunnel still open, I tried pinging
the client from the server (reversed direction).  That ping went
through normally.  Then I went back and tried pinging the server from
the client (forward direction again).  Now that ping goes through
normally!  Once the server pings that client, it can respond to client
pings, but not before.  (Perhaps it believes clients should speak only
when spoken to? :-)

I have checked the server for firewalls, and all that I can see are
disabled.

I used Wireshark (formerly Ethereal) on the server to observe what
packets it sees.  Sure enough, the trace (below) shows incoming pings
from the client arriving but not getting a response.  Then it shows
outgoing pings to the client getting a response.  Then it shows the
second series of incoming pings from the client getting a response.

Can anybody offer an explanation and fix for this strange behavior?


Some particulars:

Both PCs running up-to-date Windows XP
GreenBow VPN client version 4.00.006
Linksys BEFSX41 firmware Version: 1.52.10
Home LAN using private IP subnet 192.168.15.X


Wireshark trace (captured at server):

[Client pings server, which fails to reply.]

No.     Time        Source                Destination
Protocol Info
1 0.000000    70.7.23.12            192.168.15.99
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
2 5.386446    70.7.23.12            192.168.15.99
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
3 10.905974   70.7.23.12            192.168.15.99
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
4 16.399834   70.7.23.12            192.168.15.99
ICMP     Echo (ping) request


[Server pings client, and receives replies.]

No.     Time        Source                Destination
Protocol Info
5 43.297308   192.168.15.99         70.7.23.12
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
6 43.600466   70.7.23.12            192.168.15.99
ICMP     Echo (ping) reply

No.     Time        Source                Destination
Protocol Info
7 44.297382   192.168.15.99         70.7.23.12
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
8 44.452911   70.7.23.12            192.168.15.99
ICMP     Echo (ping) reply

No.     Time        Source                Destination
Protocol Info
9 45.298523   192.168.15.99         70.7.23.12
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
10 45.465780   70.7.23.12            192.168.15.99
ICMP     Echo (ping) reply

No.     Time        Source                Destination
Protocol Info
11 46.299288   192.168.15.99         70.7.23.12
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
12 46.479116   70.7.23.12            192.168.15.99
ICMP     Echo (ping) reply


[Client pings server, which now replies.]

No.     Time        Source                Destination
Protocol Info
13 52.265711   70.7.23.12            192.168.15.99
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
14 52.265796   192.168.15.99         70.7.23.12
ICMP     Echo (ping) reply

No.     Time        Source                Destination
Protocol Info
15 53.279077   70.7.23.12            192.168.15.99
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
16 53.279159   192.168.15.99         70.7.23.12
ICMP     Echo (ping) reply

No.     Time        Source                Destination
Protocol Info
17 54.265521   70.7.23.12            192.168.15.99
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
18 54.265606   192.168.15.99         70.7.23.12
ICMP     Echo (ping) reply

No.     Time        Source                Destination
Protocol Info
19 55.278624   70.7.23.12            192.168.15.99
ICMP     Echo (ping) request

No.     Time        Source                Destination
Protocol Info
20 55.278706   192.168.15.99         70.7.23.12
ICMP     Echo (ping) reply
[ Post a follow-up to this message ]