Sandeep
Hi,

I am facing some issues with my setup. We have an application server behind the ClearOS 7 FW, which after filtering and NATing sends data to the nginx server, and nginx moves the request to the app server.

-----> ClearOS ---> nginx ---> App Servers
Now I have a remote server which has some application and is connected with nginx with the help of the ClearOS "Ipsec VPN home". When we try to access some feature of this remote app, it fails with a timeout (error received in the remote app server logs).

On the remote side we are using a Sophos UTM 3.9 FW (which acts as the FW) and we have site-to-site VPN connectivity.

We have checked from our side with the help of tcpdump, by src and dst of the remote server: traffic comes to the nginx server on the https port, but the strange thing is that it is not hitting nginx (there is no log entry in the access and error logs for that request).

Can you guys suggest any tool or debug method available on ClearOS, so I can check the traffic movement from the remote server reaching nginx on a specific port through the ClearOS FW?

Please let me know if any other details are required.

Thanks
Regards
Sandeep Rohilla
Wednesday, January 25 2017, 03:04 PM
Responses (8)
  • Sunday, January 29 2017, 03:24 PM
    Your TCPDump post has only just shown up. I don't really know how to read them, but I am assuming vcard.myurl.in.https is your munged URL. Does it resolve to a LAN IP or WAN IP in site A? If you want it to go through the tunnel it needs to resolve to 10.162.34.201. Beyond that I can't do anything with the output.

    Perhaps try a tracert (Windows) or traceroute to vcard.myurl.in.https from site A and see where it goes.
  • Saturday, January 28 2017, 05:26 PM
    ??? I did update and I'm waiting for your response.
  • Sandeep - Saturday, January 28 2017, 03:11 PM
    Nick Howitt wrote:

    Can you draw your setup please?


    Hi Nick,

    Any update?

    Thanks
    Sandeep
  • Thursday, January 26 2017, 01:39 PM
    I'll start by saying I know nothing about nginx.

    I presume you've done basic connectivity testing by pinging from the A side App server to the B side nginx and app servers and vice-versa?

    Next thing to possibly look at is local firewalling. Packets from side A will appear to come from the 10.118.1.x subnet. Are these allowed in nginx, either into its firewall (if there is one) or its reverse-proxy configuration (assuming that is what it is doing)? It will be the same in reverse. Packets arriving at side A will appear to come from 10.162.34.x. There is not normally any NAT between the two sides of the VPN, although I think you can add a specific NAT rule if you want.

    I've no idea about the detailed functioning of a reverse proxy so I don't know if packets from side A appear to come from side A or nginx when they hit your side B app servers.

    On side A, I would hazard a guess that you would need to have hosts file entries for all the hosts at side B which resolve to the nginx LAN IP.

    There is another tool, nmap, which can scan any port with UDP or TCP to check if the port appears to be open through the VPN.
  • Sandeep - Thursday, January 26 2017, 04:35 AM
    Below are the tcpdump logs

    src :- 10.118.1.100
    -------------------------


    16:23:57.196277 IP (tos 0x0, ttl 253, id 62941, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.108.40492 > vcard.myurl.in.https: Flags [S], cksum 0xd024 (correct), seq 310141425, win 26883, options [mss 8961,sackOK,TS val 263361580 ecr 0,nop,wscale 7], length 0
    16:23:58.195139 IP (tos 0x0, ttl 253, id 62942, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40492 > vcard.myurl.in.https: Flags [S], cksum 0xcf2a (correct), seq 310141425, win 26883, options [mss 8961,sackOK,TS val 263361830 ecr 0,nop,wscale 7], length 0
    16:24:00.199219 IP (tos 0x0, ttl 253, id 62943, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40492 > vcard.myurl.in.https: Flags [S], cksum 0xcd35 (correct), seq 310141425, win 26883, options [mss 8961,sackOK,TS val 263362331 ecr 0,nop,wscale 7], length 0
    16:24:04.203205 IP (tos 0x0, ttl 253, id 62944, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40492 > vcard.myurl.in.https: Flags [S], cksum 0xc94c (correct), seq 310141425, win 26883, options [mss 8961,sackOK,TS val 263363332 ecr 0,nop,wscale 7], length 0
    16:24:12.219229 IP (tos 0x0, ttl 253, id 62945, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40492 > vcard.myurl.in.https: Flags [S], cksum 0xc178 (correct), seq 310141425, win 26883, options [mss 8961,sackOK,TS val 263365336 ecr 0,nop,wscale 7], length 0
    16:28:24.040348 IP (tos 0x0, ttl 253, id 60224, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40502 > vcard.myurl.in.https: Flags [S], cksum 0x72fc (correct), seq 1500279685, win 26883, options [mss 8961,sackOK,TS val 263428293 ecr 0,nop,wscale 7], length 0
    16:28:25.040310 IP (tos 0x0, ttl 253, id 60225, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40502 > vcard.myurl.in.https: Flags [S], cksum 0x7202 (correct), seq 1500279685, win 26883, options [mss 8961,sackOK,TS val 263428543 ecr 0,nop,wscale 7], length 0
    16:28:27.044268 IP (tos 0x0, ttl 253, id 60226, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40502 > vcard.myurl.in.https: Flags [S], cksum 0x700d (correct), seq 1500279685, win 26883, options [mss 8961,sackOK,TS val 263429044 ecr 0,nop,wscale 7], length 0
    16:28:31.052370 IP (tos 0x0, ttl 253, id 60227, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40502 > vcard.myurl.in.https: Flags [S], cksum 0x6c23 (correct), seq 1500279685, win 26883, options [mss 8961,sackOK,TS val 263430046 ecr 0,nop,wscale 7], length 0
    16:28:39.060411 IP (tos 0x0, ttl 253, id 60228, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40502 > vcard.myurl.in.https: Flags [S], cksum 0x6451 (correct), seq 1500279685, win 26883, options [mss 8961,sackOK,TS val 263432048 ecr 0,nop,wscale 7], length 0
    16:40:09.590125 IP (tos 0x0, ttl 253, id 47661, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [S], cksum 0xc20f (correct), seq 3637965800, win 26883, options [mss 8961,sackOK,TS val 263604677 ecr 0,nop,wscale 7], length 0
    16:40:10.050824 IP (tos 0x0, ttl 253, id 47662, offset 0, flags [DF], proto TCP (6), length 52)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [.], cksum 0xfe51 (correct), seq 3637965801, ack 1844098489, win 211, options [nop,nop,TS val 263604792 ecr 1290077947], length 0
    16:40:10.152189 IP (tos 0x0, ttl 253, id 47663, offset 0, flags [DF], proto TCP (6), length 252)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [P.], cksum 0x8b55 (correct), seq 0:200, ack 1, win 211, options [nop,nop,TS val 263604817 ecr 1290077947], length 200
    16:40:10.617435 IP (tos 0x0, ttl 253, id 47664, offset 0, flags [DF], proto TCP (6), length 64)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [.], cksum 0x57ba (correct), seq 200, ack 1, win 225, options [nop,nop,TS val 263604933 ecr 1290078509,nop,nop,sack 1 {4345:5292}], length 0
    16:40:10.617926 IP (tos 0x0, ttl 253, id 47665, offset 0, flags [DF], proto TCP (6), length 64)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [.], cksum 0x5244 (correct), seq 200, ack 1371, win 247, options [nop,nop,TS val 263604934 ecr 1290078514,nop,nop,sack 1 {4345:5292}], length 0
    16:40:10.618050 IP (tos 0x0, ttl 253, id 47666, offset 0, flags [DF], proto TCP (6), length 64)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [.], cksum 0x4cd5 (correct), seq 200, ack 2741, win 268, options [nop,nop,TS val 263604934 ecr 1290078514,nop,nop,sack 1 {4345:5292}], length 0
    16:40:10.618055 IP (tos 0x0, ttl 253, id 47667, offset 0, flags [DF], proto TCP (6), length 64)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [.], cksum 0x4c23 (correct), seq 200, ack 2897, win 290, options [nop,nop,TS val 263604934 ecr 1290078514,nop,nop,sack 1 {4345:5292}], length 0
    16:40:10.618190 IP (tos 0x0, ttl 253, id 47668, offset 0, flags [DF], proto TCP (6), length 64)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [.], cksum 0x46b4 (correct), seq 200, ack 4267, win 311, options [nop,nop,TS val 263604934 ecr 1290078514,nop,nop,sack 1 {4345:5292}], length 0
    16:40:10.618367 IP (tos 0x0, ttl 253, id 47669, offset 0, flags [DF], proto TCP (6), length 64)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [.], cksum 0x429e (correct), seq 200, ack 5292, win 332, options [nop,nop,TS val 263604934 ecr 1290078514,nop,nop,sack 1 {4345:5292}], length 0
    16:40:10.625560 IP (tos 0x0, ttl 253, id 47670, offset 0, flags [DF], proto TCP (6), length 214)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [P.], cksum 0x19c6 (correct), seq 200:362, ack 5292, win 332, options [nop,nop,TS val 263604935 ecr 1290078514], length 162
    16:40:11.087506 IP (tos 0x0, ttl 253, id 47671, offset 0, flags [DF], proto TCP (6), length 185)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [P.], cksum 0xa68c (correct), seq 362:495, ack 5343, win 332, options [nop,nop,TS val 263605051 ecr 1290078983], length 133
    16:40:11.554220 IP (tos 0x0, ttl 253, id 47672, offset 0, flags [DF], proto TCP (6), length 83)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [P.], cksum 0xa97b (correct), seq 495:526, ack 5748, win 354, options [nop,nop,TS val 263605168 ecr 1290079450], length 31
    16:40:11.554225 IP (tos 0x0, ttl 253, id 47673, offset 0, flags [DF], proto TCP (6), length 52)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [F.], cksum 0xdde9 (correct), seq 526, ack 5748, win 354, options [nop,nop,TS val 263605168 ecr 1290079450], length 0
    16:40:12.014754 IP (tos 0x0, ttl 253, id 47674, offset 0, flags [DF], proto TCP (6), length 52)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [.], cksum 0xdba8 (correct), seq 527, ack 5749, win 354, options [nop,nop,TS val 263605283 ecr 1290079911], length 0
    16:41:24.490953 IP (tos 0x0, ttl 253, id 14392, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40532 > vcard.myurl.in.https: Flags [S], cksum 0x8b7b (correct), seq 257731281, win 26883, options [mss 8961,sackOK,TS val 263623401 ecr 0,nop,wscale 7], length 0
    16:41:24.952206 IP (tos 0x0, ttl 253, id 14393, offset 0, flags [DF], proto TCP (6), length 52)
    10.118.1.100.40532 > vcard.myurl.in.https: Flags [.], cksum 0x9608 (correct), seq 257731282, ack 206382197, win 211, options [nop,nop,TS val 263623517 ecr 1290152848], length 0
    16:41:25.009203 IP (tos 0x0, ttl 253, id 14394, offset 0, flags [DF], proto TCP (6), length 252)
    10.118.1.100.40532 > vcard.myurl.in.https: Flags [P.], cksum 0xe95e (correct), seq 0:200, ack 1, win 211, options [nop,nop,TS val 263623531 ecr 1290152848], length 200
    16:41:25.474635 IP (tos 0x0, ttl 253, id 14395, offset 0, flags [DF], proto TCP (6), length 52)
    10.118.1.100.40532 > vcard.myurl.in.https: Flags [.], cksum 0x8d44 (correct), seq 200, ack 1371, win 232, options [nop,nop,TS val 263623647 ecr 1290153371], length 0
    16:41:25.474761 IP (tos 0x0, ttl 253, id 14396, offset 0, flags [DF], proto TCP (6), length 52)
    10.118.1.100.40532 > vcard.myurl.in.https: Flags [.], cksum 0x87d5 (correct), seq 200, ack 2741, win 253, options [nop,nop,TS val 263623647 ecr 1290153371], length 0
    16:41:25.474927 IP (tos 0x0, ttl 253, id 14397, offset 0, flags [DF], proto TCP (6), length 52)
    10.118.1.100.40532 > vcard.myurl.in.https: Flags [.], cksum 0x8264 (correct), seq 200, ack 4111, win 275, options [nop,nop,TS val 263623648 ecr 1290153371], length 0
    16:41:25.474934 IP (tos 0x0, ttl 253, id 14398, offset 0, flags [DF], proto TCP (6), length 52)
    10.118.1.100.40532 > vcard.myurl.in.https: Flags [.], cksum 0x7db2 (correct), seq 200, ack 5292, win 296, options [nop,nop,TS val 263623648 ecr 1290153371], length 0
    16:41:25.482355 IP (tos 0x0, ttl 253, id 14399, offset 0, flags [DF], proto TCP (6), length 214)
    10.118.1.100.40532 > vcard.myurl.in.https: Flags [P.], cksum 0x0987 (correct), seq 200:362, ack 5292, win 296, options [nop,nop,TS val 263623649 ecr 1290153371], length 162
    16:41:25.944766 IP (tos 0x0, ttl 253, id 14400, offset 0, flags [DF], proto TCP (6), length 190)
    10.118.1.100.40532 > vcard.myurl.in.https: Flags [P.], cksum 0xf5de (correct), seq 362:500, ack 5343, win 296, options [nop,nop,TS val 263623765 ecr 1290153840], length 138
    16:41:26.415269 IP (tos 0x0, ttl 253, id 14401, offset 0, flags [DF], proto TCP (6), length 83)
    10.118.1.100.40532 > vcard.myurl.in.https: Flags [P.], cksum 0x5432 (correct), seq 500:531, ack 5832, win 318, options [nop,nop,TS val 263623883 ecr 1290154311], length 31
    16:41:26.415276 IP (tos 0x0, ttl 253, id 14402, offset 0, flags [DF], proto TCP (



    Dst :- 10.118.1.100
    ------------------------

    16:28:24.040938 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40502: Flags [S.], cksum 0x391f (correct), seq 874089248, ack 1500279686, win 28960, options [mss 1460,sackOK,TS val 1289372392 ecr 263428293,nop,wscale 7], length 0
    16:28:25.040776 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.108.40502: Flags [S.], cksum 0x3537 (correct), seq 874089248, ack 1500279686, win 28960, options [mss 1460,sackOK,TS val 1289373392 ecr 263428293,nop,wscale 7], length 0
    16:28:26.442314 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40502: Flags [S.], cksum 0x2fbd (correct), seq 874089248, ack 1500279686, win 28960, options [mss 1460,sackOK,TS val 1289374794 ecr 263428293,nop,wscale 7], length 0
    16:28:27.044631 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40502: Flags [S.], cksum 0x2d63 (correct), seq 874089248, ack 1500279686, win 28960, options [mss 1460,sackOK,TS val 1289375396 ecr 263428293,nop,wscale 7], length 0
    16:28:29.442310 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40502: Flags [S.], cksum 0x2405 (correct), seq 874089248, ack 1500279686, win 28960, options [mss 1460,sackOK,TS val 1289377794 ecr 263428293,nop,wscale 7], length 0
    16:28:31.052770 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40502: Flags [S.], cksum 0x1dbb (correct), seq 874089248, ack 1500279686, win 28960, options [mss 1460,sackOK,TS val 1289379404 ecr 263428293,nop,wscale 7], length 0
    16:28:39.060967 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40502: Flags [S.], cksum 0xca21 (correct), seq 1108779721, ack 1500279686, win 28960, options [mss 1460,sackOK,TS val 1289387412 ecr 263432048,nop,wscale 7], length 0
    16:28:40.262226 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40502: Flags [S.], cksum 0xc56f (correct), seq 1108779721, ack 1500279686, win 28960, options [mss 1460,sackOK,TS val 1289388614 ecr 263432048,nop,wscale 7], length 0
    16:28:42.462226 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40502: Flags [S.], cksum 0xbcd7 (correct), seq 1108779721, ack 1500279686, win 28960, options [mss 1460,sackOK,TS val 1289390814 ecr 263432048,nop,wscale 7], length 0
    16:40:09.590714 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40530: Flags [S.], cksum 0x5fab (correct), seq 1844098488, ack 3637965801, win 28960, options [mss 1460,sackOK,TS val 1290077947 ecr 263604677,nop,wscale 7], length 0
    16:40:10.152595 IP (tos 0x0, ttl 64, id 48497, offset 0, flags [DF], proto TCP (6), length 52)
    vcard.myurl.in.https > 10.118.1.100.40530: Flags [.], cksum 0xfb26 (correct), seq 1, ack 201, win 235, options [nop,nop,TS val 1290078509 ecr 263604817], length 0
    16:40:10.156782 IP (tos 0x0, ttl 64, id 48498, offset 0, flags [DF], proto TCP (6), length 1500)
    vcard.myurl.in.https > 10.118.1.100.40530: Flags [.], cksum 0xe786 (correct), seq 1:1449, ack 201, win 235, options [nop,nop,TS val 1290078513 ecr 263604817], length 1448
    16:40:10.157009 IP (tos 0x0, ttl 64, id 48499, offset 0, flags [DF], proto TCP (6), length 2948)
    vcard.myurl.in.https > 10.118.1.100.40530: Flags [.], cksum 0x44ce (incorrect -> 0xae66), seq 1449:4345, ack 201, win 235, options [nop,nop,TS val 1290078513 ecr 263604817], length 2896
    16:40:10.157233 IP (tos 0x0, ttl 64, id 48501, offset 0, flags [DF], proto TCP (6), length 999)
    vcard.myurl.in.https > 10.118.1.100.40530: Flags [P.], cksum 0x1067 (correct), seq 4345:5292, ack 201, win 235, options [nop,nop,TS val 1290078513 ecr 26360481
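
An added example, not part of the original thread: a Python classifier for `tcpdump -v` text output that groups packets per client flow and reports whether each handshake was unanswered, left half-open (SYN-ACK sent, never acknowledged) or established. A connection that never completes the handshake is not handed to the listening process by the kernel, so it leaves no entry in a web server's access or error log. The sample lines are constructed in the style of the capture above, and the function and state names are this example's own.

```python
import re

# Constructed sample in `tcpdump -v` two-line format, modelled on the capture
# in the post above (TCP options trimmed). Three client flows to the https port.
SAMPLE = """\
16:23:57.196277 IP (tos 0x0, ttl 253, id 62941, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40492 > vcard.myurl.in.https: Flags [S], seq 310141425, win 26883, length 0
16:23:58.195139 IP (tos 0x0, ttl 253, id 62942, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40492 > vcard.myurl.in.https: Flags [S], seq 310141425, win 26883, length 0
16:28:24.040348 IP (tos 0x0, ttl 253, id 60224, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40502 > vcard.myurl.in.https: Flags [S], seq 1500279685, win 26883, length 0
16:28:24.040938 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40502: Flags [S.], seq 874089248, ack 1500279686, win 28960, length 0
16:28:25.040310 IP (tos 0x0, ttl 253, id 60225, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40502 > vcard.myurl.in.https: Flags [S], seq 1500279685, win 26883, length 0
16:28:25.040776 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40502: Flags [S.], seq 874089248, ack 1500279686, win 28960, length 0
16:40:09.590125 IP (tos 0x0, ttl 253, id 47661, offset 0, flags [DF], proto TCP (6), length 60)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [S], seq 3637965800, win 26883, length 0
16:40:09.590714 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    vcard.myurl.in.https > 10.118.1.100.40530: Flags [S.], seq 1844098488, ack 3637965801, win 28960, length 0
16:40:10.050824 IP (tos 0x0, ttl 253, id 47662, offset 0, flags [DF], proto TCP (6), length 52)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [.], seq 3637965801, ack 1844098489, win 211, length 0
16:40:10.152189 IP (tos 0x0, ttl 253, id 47663, offset 0, flags [DF], proto TCP (6), length 252)
    10.118.1.100.40530 > vcard.myurl.in.https: Flags [P.], seq 0:200, ack 1, win 211, length 200
16:41:26.415276 IP (tos 0x0, ttl 253, id 14402, offset 0, flags [DF], proto TCP (
"""

HEADER = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) IP ")
PACKET = re.compile(r"^\s*(\S+) > (\S+): Flags \[([^\]]*)\]")


def classify_handshakes(capture_text):
    """Group packets by client flow and report how far each handshake got."""
    flows = {}                           # (client, server) -> counters
    stamp = None
    for line in capture_text.splitlines():
        header = HEADER.match(line)
        if header:
            stamp = header.group(1)      # timestamp belongs to the next line
            continue
        packet = PACKET.match(line)
        if not packet:
            continue                     # truncated or unrelated line
        src, dst, flags = packet.groups()
        if flags == "S":                 # client SYN, first or retransmitted
            flow = flows.setdefault((src, dst), {
                "syn": 0, "synack": 0, "acked": False, "first_syn": stamp})
            flow["syn"] += 1
            flow["last_syn"] = stamp
        elif flags == "S." and (dst, src) in flows:
            flows[(dst, src)]["synack"] += 1      # server reply, keyed by client
        elif (src, dst) in flows and "." in flags and "R" not in flags:
            flows[(src, dst)]["acked"] = True     # client ACK: handshake done

    report = {}
    for (client, server), flow in flows.items():
        if flow["acked"]:
            state = "established"
        elif flow["synack"]:
            state = "half-open"          # SYN-ACK sent, never acknowledged
        else:
            state = "unanswered"         # no SYN-ACK seen at this capture point
        report[f"{client} > {server}"] = dict(flow, state=state)
    return report


if __name__ == "__main__":
    for name, flow in classify_handshakes(SAMPLE).items():
        print(f"{name}: {flow['state']} (SYN x{flow['syn']}, "
              f"SYN-ACK x{flow['synack']}, first SYN {flow['first_syn']}, "
              f"last SYN {flow['last_syn']})")
```

Feed it a capture taken without a direction filter, so that both the SYNs and the SYN-ACKs of each flow are in the same text.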
  • Sandeep - Thursday, January 26 2017, 04:32 AM
    Hi Nick,

    I have attached the diagram. For confidentiality I have changed the IPs, but the setup is exactly the same.

    Below is the explanation:

    I am at the B side and using ClearOS 7; we have an IPsec tunnel with side A. The auth server is present at the A side, maintained by the A side admin.
    The tunnel is working perfectly, we have tested it, but for the last 3 days the side A auth server logs say they are getting failed requests (canceled request). From our side we have checked and we have not got any log entries at nginx (not in the access log and not in the error log).
    We tried capturing tcpdump logs by src and dst 10.118.1.100 and started the request ... tcpdump shows the https traffic reaching the nginx server at OS level, but we are not able to identify why after that it is not hitting nginx and why there is no log entry.

    My application is at the side B nginx URL (vcard.myurl.in --- IP: 10.162.34.200)


    Please let me know if you need any further clarification.

    Thanks
    Sandeep Rohilla
  • Sandeep - Thursday, January 26 2017, 04:27 AM
    Hi Nick,

    I have attached the diagram. For confidentiality I have changed the IPs, but the setup is exactly the same.

    Below is the explanation:

    I am at the B side and using ClearOS 7; we have an IPsec tunnel with side A. The auth server is present at the A side, maintained by the A side admin.
    The tunnel is working perfectly, we have tested it, but for the last 3 days the side A auth server logs say they are getting failed requests (canceled request). From our side we have checked and we have not got any log entries at nginx (not in the access log and not in the error log).
    We tried capturing tcpdump logs by src and dst 10.118.1.100 and started the request ... tcpdump shows the https traffic reaching the nginx server at OS level, but we are not able to identify why after that it is not hitting nginx and why there is no log entry.

    My application is at the side B nginx URL (vcard.myurl.in --- IP: 10.162.34.200)


    Please let me know if you need any further clarification. I have attached the tcpdump logs as well.

    Thanks
    Sandeep Rohilla
  • Wednesday, January 25 2017, 05:44 PM
    Can you draw your setup please?