• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

ARP prob on remote side

Scheduled Pinned Locked Moved IPsec
1 Posts 1 Posters 3.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    avldwx
    last edited by Aug 29, 2006, 1:30 AM Aug 28, 2006, 3:39 PM

    I'm trying to disconnect a T1 direct line between two locations and replace it with a DSL'd IPSEC tunnel. Windows SMB and IP printing are fine, but this embedded biometric timeclock isn't cooporating. We download from it with a oldish Windows winsock program.

    Fine over the T1, but a DLINK IKE Autokey tunnel didn't work, and now two pfSense RC2 boxes don't work, so I may be stuck.

    Ethereal isn't exporting for me, so… I loaded Wireshark

    pfsense does a Gratuitous ARP to find the timeclock (192.168.2.244) for the packets coming over the tunnel from x.1.102
    delivers the request.

    Then pfsense asks the remote subnet where the x.1.102 machine is instead for taking ownership of delivering the x.1.102 packets.
    (the Entersys router for the T1 does this)

    It's  "Who has 192.168.1.102? Tell 192.168.2.244 "
    The LAN pfSense interface doesn't respond.

    pfSense isn't in the conversation because I was filtering for 192.168.2.244 only. but where's it at like the Entersys below? Ah, the magic of IPSEC!!!

    I can post the ethereal captures. THANKS!!

    No.    Time        Source                Destination          Protocol Info
          1 0.000000    Pronet_61:74:49      Broadcast            ARP      Who has 192.168.2.244?  Gratuitous ARP
          2 1.841458    192.168.1.102        192.168.2.244        TCP      4682 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
          3 1.844307    Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
          4 3.654315    Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
          5 5.464055    Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
          6 7.274011    Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
          7 9.083820    Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
          8 11.693646  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
          9 13.503433  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
        10 13.831978  192.168.1.102        192.168.2.244        TCP      4688 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        11 13.834047  192.168.2.244        192.168.1.102        TCP      3001 > 4688 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        12 14.419300  192.168.1.102        192.168.2.244        TCP      4688 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        13 14.420570  192.168.2.244        192.168.1.102        TCP      3001 > 4688 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        14 15.004036  192.168.1.102        192.168.2.244        TCP      4688 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        15 15.005463  192.168.2.244        192.168.1.102        TCP      3001 > 4688 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        16 15.313196  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
        17 15.868215  192.168.1.102        192.168.2.244        TCP      4690 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        18 15.869765  192.168.2.244        192.168.1.102        TCP      3001 > 4690 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        19 16.399449  192.168.1.102        192.168.2.244        TCP      4690 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        20 16.400719  192.168.2.244        192.168.1.102        TCP      3001 > 4690 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        21 16.956312  192.168.1.102        192.168.2.244        TCP      4690 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        22 16.957939  192.168.2.244        192.168.1.102        TCP      3001 > 4690 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        23 17.123141  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
        24 17.837798  192.168.1.102        192.168.2.244        TCP      4691 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        25 17.839725  192.168.2.244        192.168.1.102        TCP      3001 > 4691 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        26 18.433957  192.168.1.102        192.168.2.244        TCP      4691 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        27 18.435199  192.168.2.244        192.168.1.102        TCP      3001 > 4691 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        28 18.997466  192.168.1.102        192.168.2.244        TCP      4691 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        29 18.999708  192.168.2.244        192.168.1.102        TCP      3001 > 4691 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        30 19.732899  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
        31 19.865398  192.168.1.102        192.168.2.244        TCP      4693 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        32 19.867017  192.168.2.244        192.168.1.102        TCP      3001 > 4693 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        33 20.424305  192.168.1.102        192.168.2.244        TCP      4693 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        34 20.425485  192.168.2.244        192.168.1.102        TCP      3001 > 4693 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        35 21.025670  192.168.1.102        192.168.2.244        TCP      4693 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        36 21.027142  192.168.2.244        192.168.1.102        TCP      3001 > 4693 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
        37 21.542796  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
        38 21.919633  192.168.1.102        192.168.2.244        TCP      4694 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        39 23.522731  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
        40 24.817952  192.168.1.102        192.168.2.244        TCP      4694 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
        41 25.622423  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
        42 27.432496  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
        43 29.242159  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
    I don't see the RST, ACKs when on the host side.

    For comparison, here the T1:
    No.    Time        Source                Destination          Protocol Info
          1 0.000000    Pronet_61:74:49      Broadcast            ARP      Who has 192.168.2.244?  Gratuitous ARP
          2 62.284043  Enterasy_a6:49:42    Broadcast            ARP      Who has 192.168.2.244?  Tell 192.168.2.1
          3 62.285489  Pronet_61:74:49      Enterasy_a6:49:42    ARP      192.168.2.244 is at 00:20:4a:61:74:49
          4 62.286019  192.168.1.102        192.168.2.244        TCP      1731 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
          5 62.289464  Pronet_61:74:49      Broadcast            ARP      Who has 192.168.1.102?  Tell 192.168.2.244
          6 62.289992  Enterasy_a6:49:42    Pronet_61:74:49      ARP      192.168.1.102 is at 00:01:f4:a6:49:42
          7 62.319856  192.168.2.244        192.168.1.102        TCP      3001 > 1731 [SYN, ACK] Seq=0 Ack=1 Win=1024 Len=0 MSS=1024
          8 62.327036  192.168.1.102        192.168.2.244        TCP      1731 > 3001 [ACK] Seq=1 Ack=1 Win=16384 Len=0
          9 63.234982  192.168.1.102        192.168.2.244        TCP      1731 > 3001 [PSH, ACK] Seq=1 Ack=1 Win=16384 Len=8

    Looking at this further, is NAT involved?? the ports are incrementing in the first set of replies : 4688, then 4690, 4691, 4693 (that's why I posted so much of it.)

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received