One Linux client, connected through an Astaro bridge (without NAT), needs to connect to a remote pppd server.
Connections can be made randomly in the following situation (the one that we need):
PPPDServer <-> internet <-> eth2 external (bridge ASTARO) eth3 dmz <-> Linux pptp client
All protocols (GRE/TCP/UDP...) are allowed in both directions to/from PPPDServer and the Linux client.
Moving the Linux client outside the Astaro bridge (directly to the internet or through Astaro MASQ), connections are made without any problem:
PPPDServer <-> internet <-> Linux pptp client
or
PPPDServer <-> internet <-> eth1 ext (ASTARO MASQ) eth0 internal <-> Linux pptp client
In the Astaro bridged connection, some TCP packets are modified by the Astaro, in the following 3 ways:
- appending 2 zero-filled bytes;
- appending 6 zero-filled bytes;
- modifying 4 bytes of the TCP packet, 2 bytes of cksum and 2 bytes of PEER_CALL_ID, as in the following two lines
(first line: tcpdump on input at the Astaro bridge; second line: tcpdump on input at the Linux client):
16:11:11.9 IP (tos 0x8, ttl 54, id 898, offset 0, flags [none], proto TCP (6), length 72) ***.***.***.pptp > ***.***.**.35010: ., cksum 0x385a (correct), 157:189(32) ack 325 win 5840: pptp Length=32 CTRL-MSG Magic-Cookie=****** CTRL_MSGTYPE=OCRP CALL_ID(1) PEER_CALL_ID(35010) RESULT_CODE(1:Connected) ERR_CODE(0:None) CAUSE_CODE(0) CONN_SPEED(545259520) RECV_WIN(8) PROC_DELAY(1) PHY_CHAN_ID(0)
16:11:11.9 IP (tos 0x8, ttl 54, id 898, offset 0, flags [none], proto TCP (6), length 72) ***.***.***.pptp > ***.***.**.35010: ., cksum 0xc11c (correct), 157:189(32) ack 325 win 5840: pptp Length=32 CTRL-MSG Magic-Cookie=****** CTRL_MSGTYPE=OCRP CALL_ID(1) PEER_CALL_ID(0) RESULT_CODE(1:Connected) ERR_CODE(0:None) CAUSE_CODE(0) CONN_SPEED(545259520) RECV_WIN(8) PROC_DELAY(1) PHY_CHAN_ID(0)
Tests performed on Astaro Security Gateway versions 7.400 and 7.401.
Does anyone have similar problems?
We think that the TCP packet must pass through the Astaro bridge unmodified; could this be a bug?
Cheers
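
A way to check the two tcpdump lines above, as an added example that is not part of the original post: the Python code parses the 32-byte Outgoing-Call-Reply (layout from RFC 2637), reports which fields differ and any bytes appended after the message, and applies the RFC 1624 incremental checksum update to test whether the second cksum is what results from changing only PEER_CALL_ID. The payloads are constructed from the field values shown in the capture, the Magic Cookie is the RFC 2637 constant, and the function names are illustrative.

```python
import struct

# RFC 2637 Outgoing-Call-Reply layout (32 bytes, network byte order).
OCRP_FMT = ">HHIHHHHBBHIHHI"
OCRP_FIELDS = ("length", "msg_type", "magic", "ctrl_type", "reserved0",
               "call_id", "peer_call_id", "result_code", "err_code",
               "cause_code", "conn_speed", "recv_win", "proc_delay",
               "phy_chan_id")
OCRP_SIZE = struct.calcsize(OCRP_FMT)
PPTP_MAGIC = 0x1A2B3C4D   # Magic Cookie constant from RFC 2637
CTRL_OCRP = 8             # Control Message Type: Outgoing-Call-Reply

def build_ocrp(peer_call_id):
    """Constructed sample payload using the field values in the capture."""
    return struct.pack(OCRP_FMT, 32, 1, PPTP_MAGIC, CTRL_OCRP, 0, 1,
                       peer_call_id, 1, 0, 0, 545259520, 8, 1, 0)

def parse_ocrp(payload):
    """Return (fields, trailing_bytes); reject anything that is not an OCRP."""
    if len(payload) < OCRP_SIZE:
        raise ValueError("payload shorter than an Outgoing-Call-Reply")
    values = struct.unpack(OCRP_FMT, payload[:OCRP_SIZE])
    fields = dict(zip(OCRP_FIELDS, values))
    if (fields["magic"] != PPTP_MAGIC or fields["ctrl_type"] != CTRL_OCRP
            or fields["length"] != OCRP_SIZE):
        raise ValueError("not a PPTP Outgoing-Call-Reply")
    return fields, payload[OCRP_SIZE:]

def diff_ocrp(before, after):
    """Fields that differ between two captures, plus bytes appended to after."""
    a, _ = parse_ocrp(before)
    b, extra = parse_ocrp(after)
    changed = {k: (a[k], b[k]) for k in OCRP_FIELDS if a[k] != b[k]}
    return changed, extra

def incremental_cksum(old_cksum, old_word, new_word):
    """RFC 1624 eq. 3: HC' = ~(~HC + ~m + m') in one's-complement arithmetic."""
    total = (~old_cksum & 0xFFFF) + (~old_word & 0xFFFF) + (new_word & 0xFFFF)
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

if __name__ == "__main__":
    at_bridge = build_ocrp(35010)           # as seen entering the bridge
    at_client = build_ocrp(0)               # as seen at the Linux client
    print("changed fields:", diff_ocrp(at_bridge, at_client)[0])
    padded = at_bridge + bytes(2)           # constructed: 2 appended zero bytes
    print("appended bytes:", diff_ocrp(at_bridge, padded)[1].hex())
    print("cksum after rewrite: 0x%04x" % incremental_cksum(0x385A, 35010, 0))
```

With the values from the capture, `incremental_cksum(0x385A, 35010, 0)` returns `0xC11C`, the cksum seen at the client, so the checksum difference between the two lines is fully accounted for by the PEER_CALL_ID change.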