"it is only one hop away from the joiner"
AS far as these ICMP packets are not going thru the VPN, the Wingate server's Public
IP is mostly more then 6 hopes away from the joiner.
And as the ICMP packets are going directly to the Internet, they are only reaching the Wingate server's router only. (wich most of time never answer to PING requests).
for me :
joiner is the Wingate VPN client (VPN to join... side)
server is the Wingate VPN server (VPN to host ... side)
With v2.1.3, my Ethereal captures of the "control sequence" on WAN side 'external interface' of a joiner looks like this for most of remote offices :
1 - a TCP control Packet [PSH,ACK] - - - : Server's Public IP (Wingate server TCP Control port)
==> Joiner's Local IP (Free joiner TCP port)
2 - an
ICMP ECHO request [TTL=6] - - - - : Joiner's Local IP
==> Server's Public IP (data = ping.)
3 - an
ICMP TTL EXCEEDED Packet - - - - :
'one internet node' IP ==> Joiner's local IP
4 - a TCP control Packet [ACK] - - - - : Joiner's local IP (free joiner TCP port)
==> Server's Public IP(Wingate Server TCP Control port)
with v2.1.1, the same catupe was
1 - a TCP control Packet [PSH,ACK] ---- : Server's Public IP (Wingate server TCP Control port)
==> Joiner's local IP (Free joiner TCP port)
2 - an
UDP packet (crypted) ---- : Joiner's local IP (Wingate joiner UDP data port)
==> Server's Public IP (Wingate Server UDP data port) :::: This is an encrypted ICMP REQUEST
3 - an
UDP packet (crypted) ---- :Server's Public IP (Wingate Server UDP data port)
==> Joiner local IP (Wingate joiner's UDP data port) ::::: This is an encrypted ICMP REPLY
4 - a TCP control Packet [ACK] ---- : Joiner local IP (Free joiner TCP port)
==> Server's PublicIP (Wingate server TCP Control port)
==> I think this might be a correct behavior
I'm wondering if this 2.1.3 behavior is normal, as 99% of these ICMP are getting an "TTL exceeded" message answer from an Internet Node.
Last edited by
jeff on Jun 15 06 12:12 pm, edited 1 time in total.