Re: [strongSwan] High latencies

2017-09-19 Thread Turbo Fredriksson
On 19 Sep 2017, at 18:28, Turbo Fredriksson wrote: > I’ve really never been a friend of tcpdump. I could never get it to give > me what I needed. Well, running: sudo tcpdump -i eth0 port 6379 2>&1 | tee /tmp/y & and then the redis client after that: strace -s3000 redis-cli -h elastica

Re: [strongSwan] High latencies

2017-09-19 Thread Turbo Fredriksson
On 19 Sep 2017, at 18:08, Noel Kuntze wrote: > Likely has to do with pmtu discovery. You can use tcpdump and alike to try to > figure out what > actually happens on the network or continue wondering about what the strange > machines do. I’ve really never been a friend of tcpdump. I could neve

Re: [strongSwan] High latencies

2017-09-19 Thread Noel Kuntze
Likely has to do with pmtu discovery. You can use tcpdump and alike to try to figure out what actually happens on the network or continue wondering about what the strange machines do. On 19.09.2017 18:15, Turbo Fredriksson wrote: > On 19 Sep 2017

Re: [strongSwan] High latencies

2017-09-19 Thread Turbo Fredriksson
On 19 Sep 2017, at 16:00, Noel Kuntze wrote: > Check the tcp metrics (ip tcp_metrics) and look at the MSS. There are no metrics at all related to mss on either of the VPN instances: root@jumpbox-london:~# ip tcp_metrics | grep -i mss root@jumpbox-london:~# root@jumpbox:~# ip tcp_metrics 2>&1 |

Re: [strongSwan] High latencies

2017-09-19 Thread Noel Kuntze
Now that you mention it: Also check the Network ACLs On 19.09.2017 17:08, Simon Deziel wrote: > On 2017-09-19 10:05 AM, Turbo Fredriksson wrote: >> On 19 Sep 2017, at 14:57, > Noel Kuntze wrote: >> >>> > Did you fix the MSS? Is the MTU on the tu

Re: [strongSwan] High latencies

2017-09-19 Thread Simon Deziel
On 2017-09-19 10:05 AM, Turbo Fredriksson wrote: > On 19 Sep 2017, at 14:57, Noel Kuntze > wrote: > >> Did you fix the MSS? Is the MTU on the tunnel correct? Did you maybe break >> PMTU discovery? > > Not sure, can’t remember… How do I check? You mentioned EC2 so please double check that your

Re: [strongSwan] High latencies

2017-09-19 Thread Noel Kuntze
MSS likely found out the right MSS very quickly with the lower MTU. Other than guessing, I can't help you, because I have no access to your environment. I doubt anybody else can do anything else than that. On 19.09.2017 17:00, Turbo Fredriksson wr

Re: [strongSwan] High latencies

2017-09-19 Thread Noel Kuntze
Check the tcp metrics (ip tcp_metrics) and look at the MSS. On 19.09.2017 16:57, Turbo Fredriksson wrote: > This is spooky!! > > I ran > > ip link set dev eth0 mtu 1500 > > on all > instances in the chain. Then run > > iptables -A FORWARD -p tcp -

Re: [strongSwan] High latencies

2017-09-19 Thread Turbo Fredriksson
On 19 Sep 2017, at 15:57, Turbo Fredriksson wrote: > all of a sudden it worked!! Does anyone know a priest in London? It stopped working again! I hate when things like this happen!! :)

Re: [strongSwan] High latencies

2017-09-19 Thread Turbo Fredriksson
This is spooky!! I ran ip link set dev eth0 mtu 1500 on all instances in the chain. Then run iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 128 on both the VPN i

Re: [strongSwan] using IPsec with systemd

2017-09-19 Thread Marcos Gonzalez
Hi, thanks for the info, but I'm looking for some examples, not only the wiki. I'm interested to find how to monitor the service with some program like monit, because sometimes it is breaking and I need to recover in the moment. I was using all examples from your web, but justly I can't find some reference from

Re: [strongSwan] High latencies

2017-09-19 Thread Turbo Fredriksson
On 19 Sep 2017, at 15:16, Noel Kuntze wrote: > Usage of the MSS target in iptables, usage of kernel-netlink.mtu or of MTUs > on the routes in the routing tables root@jumpbox-london:~# iptables-save | grep -i MSS root@jumpbox-london:~# ip route show default via 10.110.3.1 dev eth0 10.110.3.0/24

Re: [strongSwan] High latencies

2017-09-19 Thread Noel Kuntze
Oh btw, you can use "tracepath" and "tracepath6" (make sure you use -n to disable resolving IP addresses to DNS names. Takes unnecessary amounts of time). On 19.09.2017 16:16, Noel Kuntze wrote: > > Usage of the MSS target in iptables, usage of ke

Re: [strongSwan] High latencies

2017-09-19 Thread Noel Kuntze
Usage of the MSS target in iptables, usage of kernel-netlink.mtu or of MTUs on the routes in the routing tables (check `ip route get` to find what route a packet would take to some destination). You break PMTU discovery if you don't accept ctstate

Re: [strongSwan] High latencies

2017-09-19 Thread Turbo Fredriksson
Copying a file from ‘London VPN’ to ‘Redis client London’ via scp completes without any problem and I don’t see any “hiccups” or stop-and-start of the copy. The file downloads at 13MB/s, which isn’t fast, but good enough I’m sure.

Re: [strongSwan] High latencies

2017-09-19 Thread Turbo Fredriksson
On 19 Sep 2017, at 14:57, Noel Kuntze wrote: > Did you fix the MSS? Is the MTU on the tunnel correct? Did you maybe break > PMTU discovery? Not sure, can’t remember… How do I check?

Re: [strongSwan] High latencies

2017-09-19 Thread Noel Kuntze
Did you fix the MSS? Is the MTU on the tunnel correct? Did you maybe break PMTU discovery? On 19.09.2017 15:53, Turbo Fredriksson wrote: > I’m not sure if this is a Strongswan problem, but I see some indications > > that it might be, so I’m post

[strongSwan] High latencies

2017-09-19 Thread Turbo Fredriksson
I’m not sure if this is a Strongswan problem, but I see some indications that it might be, so I’m posting it here. If this is not the right place, let me know and I’ll take it elsewhere. I have set up a new region (London) in our AWS environment and am trying to connect one of the instances in there

Re: [strongSwan] Permission Denied error

2017-09-19 Thread R. Masucci
I spoke too soon! It worked. I read this on my iPhone and mistakenly put all arguments on one line! Thanks! From: Andreas Steffen Sent: Monday, September 18, 2017 11:50 PM To: R. Masucci; users@lists.strongswan.org Subject: Re: [strongSwan] Permission Denie

Re: [strongSwan] Permission Denied error

2017-09-19 Thread Noel Kuntze
Hello, you will find the content you can find via google very helpful. http://lmgtfy.com/?q=sudo+redirect Kind regards Noel On 19.09.2017 14:19, R. Masucci wrote: > > No luck. > > > I'm in the /etc/ipsec.d directory and my permissions on that directory are > set to: > > > drwx-- 2 root

Re: [strongSwan] Permission Denied error

2017-09-19 Thread R. Masucci
No luck. I'm in the /etc/ipsec.d directory and my permissions on that directory are set to: drwx-- 2 root root 4096 Aug 17 14:16 private Does that all look correct? From: Andreas Steffen Sent: Monday, September 18, 2017 11:50 PM To: R. Masucci; use

Re: [strongSwan] using IPsec with systemd

2017-09-19 Thread Tobias Brunner
Hi Marcos, > I setup two connections with ipsec and now I was checking how to use > systemd with ipsec. Now Im using package charon-systemd > > https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd > > but not accepts ipsec.conf file. I can't find examples about changes to > do to

[strongSwan] using IPsec with systemd

2017-09-19 Thread Marcos Gonzalez
Hi, I set up two connections with ipsec and now I was checking how to use systemd with ipsec. Now I'm using package charon-systemd https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd but it does not accept the ipsec.conf file. I can't find examples about changes to do to use this system, and c