Dave_Dykstra_ wrote:
> Because of the piplined nature of the rsync implementation and the
> back-and-forth nature of the rsync protocol, rsync stresses many TCP
> implementations. No one else has mentioned a problem with FreeSwan, but I
> suspect a bug with it. You should at least run "netstat" on both ends and
> let us know what the send and receive queues are on both sides of that TCP
> connection. In the end it will probably take some intervention from the
> FreeSwan implementers; if you can give them a test case that they can use
> to reproduce it, it will probably help them.
OK, more info.
I tried the following today over the Freeswan link:
>From the remote host [EMAIL PROTECTED] - which has an (internal) address
of 192.168.2.254: - I do:
rsync -azCvvc * 203.37.221.107:work/prod-head
I get:
Building file list ...
and then a few files are synced (maybe a hundred or so). It then hangs
indefinitely.
203.37.221.107 is the (real) address) of my local system - a temporary
ppp connection (provided on dialup by the ISP) and the same address as
the IPSEC link
The local system is raita.finder.com.au with (internal) address of
192.168.254.245
/sbin/ifconfig gives:
eth0 Link encap:Ethernet HWaddr 00:C0:26:24:23:F7
inet addr:192.168.254.245 Bcast:192.168.254.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8109 errors:0 dropped:0 overruns:0 frame:0
TX packets:7038 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xd000
ipsec0 Link encap:Point-to-Point Protocol
inet addr:203.37.221.107 Mask:255.255.255.255
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:399 errors:0 dropped:0 overruns:0 frame:0
TX packets:453 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:2668 errors:0 dropped:0 overruns:0 frame:0
TX packets:2668 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
ppp0 Link encap:Point-to-Point Protocol
inet addr:203.37.221.107 P-t-P:203.37.221.18
Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:3294 errors:1 dropped:0 overruns:0 frame:1
TX packets:2843 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
I get this from the local netstat -t:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 0 raita.finder.com.:pop-3 raita.finder.com.a:1152
TIME_WAIT
tcp 0 0 ts-bris-2-p59.bris:1021 dux.gc.eracom.com.:1021
ESTABLISHED
tcp 0 37608 ts-bris-2-p59.bri:shell dux.gc.eracom.com.:1023
ESTABLISHED
tcp 0 0 ts-bris-2-p59.bris:1022 dux.gc.eracom.com:login
ESTABLISHED
tcp 1 0 ts-bris-2-p59.bris:1094 63.209.29.152:www
CLOSE_WAIT
tcp 1 0 ts-bris-2-p59.bris:1093 big-image.mediaplex:www
CLOSE_WAIT
tcp 0 0 ts-bris-2-p59.bris:1023 dux.gc.eracom.com:login
ESTABLISHED
tcp 0 0 raita.finder.com.au:224 grass.finder.com.a:1341
ESTABLISHED
... and this from the remote netstat -t (with irrelevent connections
removed):
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State
...
tcp 0 0 localhost.localdom:1021 ts-bris-2-p59.bris:1021
ESTABLISHED
tcp 0 0 localhost.localdom:1023 ts-bris-2-p59.bri:shell
ESTABLISHED
tcp 0 700 localhost.localdo:login ts-bris-2-p59.bris:1022
ESTABLISHED
tcp 0 0 localhost.localdo:login ts-bris-2-p59.bris:1023
ESTABLISHED
...
Freeswan shows:
{root@raita:/root/}:999# ipsec look
raita.finder.com.au Thu Jan 4 12:07:55 EST 2001
203.37.221.107/32 -> 192.168.2.0/24 => [EMAIL PROTECTED]
[EMAIL PROTECTED]
ipsec0->ppp0 mtu=16260->1500
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out ooowin=32
seq=610 alen=128 aklen=128 eklen=192
life(c,s,h)=bytes(95352,0,0)add(1808,0,0)use(1981,0,0)packets(610,0,0)
idle=116
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in ooowin=32 seq=593
bit=0xffffffff max_seq_diff=3 alen=128 aklen=128 eklen=192
life(c,s,h)=bytes(314296,0,0)add(1808,0,0)use(1982,0,0)packets(522,0,0)
idle=145
[EMAIL PROTECTED] IPIP: dir=in 203.144.16.147 -> 203.37.221.107
life(c,s,h)=add(1808,0,0)
[EMAIL PROTECTED] IPIP: dir=out 203.37.221.107 -> 203.144.16.147
life(c,s,h)=bytes(75426,0,0)add(1808,0,0)use(1981,0,0)packets(610,0,0)
idle=116
0.0.0.0 203.37.221.18 0.0.0.0 UG 0 0 0
ppp0
192.168.2.0 203.37.221.18 255.255.255.0 UG 0 0 0
ipsec0
203.37.221.18 0.0.0.0 255.255.255.255 UH 0 0 0
ipsec0
203.37.221.18 0.0.0.0 255.255.255.255 UH 0 0 0
ppp0
Destination Gateway Genmask Flags MSS Window irtt
Iface
... which looks pretty normal
Can anyone tell me what's gone wrong?
THanks
--
Bob Hepple
mailto:[EMAIL PROTECTED]
http://www.finder.com.au
