Policy based routing & PPTP - bad cksum
-
Hello!
I want to do policy based routing for pptp clients and it doesn't work:
15:30:52.815617 IP (tos 0x0, ttl 128, id 4606, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 5887 (->8758)!) 81.89.114.189.62675 > 77.72.80.15.80: Flags [s], cksum 0x7e08 (correct), seq 4054747445, win 8192, options [mss 1356,nop,wscale 2,nop,nop,sackOK], length 0 15:30:53.055639 IP (tos 0x0, ttl 128, id 4615, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 4f87 (->874f)!) 81.89.114.189.13144 > 77.72.80.15.80: Flags [s], cksum 0xa282 (correct), seq 1470283843, win 8192, options [mss 1356,nop,wscale 2,nop,nop,sackOK], length 0 15:30:55.918337 IP (tos 0x0, ttl 128, id 4744, offset 0, flags [DF], proto TCP (6), length 52, bad cksum ce86 (->86ce)!) 81.89.114.189.47018 > 77.72.80.15.80: Flags [s], cksum 0x4fc2 (correct), seq 2106419398, win 8192, options [mss 1356,nop,wscale 2,nop,nop,sackOK], length 0 15:30:56.025533 IP (tos 0x0, ttl 128, id 4749, offset 0, flags [DF], proto TCP (6), length 48, bad cksum cd86 (->86cd)!) 81.89.114.189.17919 > 77.72.80.15.80: Flags [s], cksum 0x913e (correct), seq 2172758282, win 8192, options [mss 1356,nop,nop,sackOK], length 0 15:30:56.169359 IP (tos 0x0, ttl 128, id 4757, offset 0, flags [DF], proto TCP (6), length 52, bad cksum c186 (->86c1)!) 81.89.114.189.45255 > 77.72.80.15.80: Flags [s], cksum 0x065a (correct), seq 1354819038, win 8192, options [mss 1356,nop,wscale 2,nop,nop,sackOK], length 0 15:30:56.274554 IP (tos 0x0, ttl 128, id 4759, offset 0, flags [DF], proto TCP (6), length 48, bad cksum c386 (->86c3)!) 81.89.114.189.41007 > 77.72.80.15.80: Flags [s], cksum 0x15d2 (correct), seq 2229257960, win 8192, options [mss 1356,nop,nop,sackOK], length 0 15:30:58.812519 IP (tos 0x0, ttl 128, id 4852, offset 0, flags [DF], proto TCP (6), length 48, bad cksum 6686 (->8666)!) 81.89.114.189.62675 > 77.72.80.15.80: Flags [s], cksum 0x9211 (correct), seq 4054747445, win 8192, options [mss 1356,nop,nop,sackOK], length 0 15:30:58.919487 IP (tos 0x0, ttl 128, id 4857, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 5d86 (->865d)!) 81.89.114.189.47018 > 77.72.80.15.80: Flags [s], cksum 0x4fc2 (correct), seq 2106419398, win 8192, options [mss 1356,nop,wscale 2,nop,nop,sackOK], length 0 15:30:59.048514 IP (tos 0x0, ttl 128, id 4860, offset 0, flags [DF], proto TCP (6), length 48, bad cksum 5e86 (->865e)!) 81.89.114.189.13144 > 77.72.80.15.80: Flags [s], cksum 0xb68b (correct), seq 1470283843, win 8192, options [mss 1356,nop,nop,sackOK], length 0 15:30:59.172538 IP (tos 0x0, ttl 128, id 4868, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 5286 (->8652)!) 81.89.114.189.45255 > 77.72.80.15.80: Flags [s], cksum 0x065a (correct), seq 1354819038, win 8192, options [mss 1356,nop,wscale 2,nop,nop,sackOK], length 0 This is packets captured on second WAN interface while policy base routing turned on. 81.89.114.189 is WAN ip, so NAT applied correctly but packets leaving interface with strange wrong checksum. For users coming from LAN interface works as expected, no problem with checksum.[/s][/s][/s][/s][/s][/s][/s][/s][/s][/s]
-
L2TP VPN also doesn't work with policy based routing with same 'bad cksum' error on WAN interface.