
strongSwan VPN printing on client

I am connecting with strongSwan (IKEv2) from my Debian 11 computer (“client”, 192.168.0.217) to a network behind a Cisco router (Digitalisierungsbox standard by German Telecom 192.168.0.254). The connection works; I can work on the computers (“server” 192.168.0.100: Windows 10 and Windows Server 2012) behind the router via remote desktop.
Now I want to print from the server on a printer connected to the client, but I can’t (I’m quite sure it should work, because on Debian 10 using the shrew-soft-client (IKEv1) it worked fine). To make it easier, I try to access the CUPS page on my client, but it times out.
In the log on the router of the server’s network I see the packets being sent to the right destination:

192.168.0.254   Jan 12 12:59:31     local0  debug   INET    SIF: Accept [39000000:192.168.0.100:64720] -> [38100002:192.168.0.217:631] :6 
192.168.0.254   Jan 12 12:59:31     local0  debug   INET    interface 38100002: TCP SYN [192.168.0.100:64720] -> [192.168.0.217:631]  clamp MSS 1460 ==> 1331 
192.168.0.254   Jan 12 12:59:31     local0  debug   INET    NAT: new outgoing session on ifc 38100002 prot 6 192.168.0.100:64720/192.168.0.254:62698 -> 192.168.0.217:631 
192.168.0.254   Jan 12 12:59:32     local0  debug   INET    new session, 192.168.0.100:64721->192.168.0.217:631 prot: 6 parent: false 
192.168.0.254   Jan 12 12:59:32     local0  debug   INET    SIF: Accept [39000000:192.168.0.100:64721] -> [38100002:192.168.0.217:631] :6 
192.168.0.254   Jan 12 12:59:32     local0  debug   INET    interface 38100002: TCP SYN [192.168.0.100:64721] -> [192.168.0.217:631]  clamp MSS 1460 ==> 1331 
192.168.0.254   Jan 12 12:59:32     local0  debug   INET    NAT: new outgoing session on ifc 38100002 prot 6 192.168.0.100:64721/192.168.0.254:43087 -> 192.168.0.217:631

and in Wireshark on the client (at the same time) I see packets arriving, but the ports are very different:

48759   2022-01-12 12:59:31,035254804   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=870419 Win=63596 Len=0 TSval=174652356 TSecr=3628752175
48761   2022-01-12 12:59:31,051359519   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=870621 Win=63394 Len=0 TSval=174652358 TSecr=3628752191
48763   2022-01-12 12:59:31,067284339   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=870823 Win=63192 Len=0 TSval=174652359 TSecr=3628752207
48765   2022-01-12 12:59:31,083193849   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=871025 Win=62990 Len=0 TSval=174652361 TSecr=3628752223
48774   2022-01-12 12:59:31,187280462   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=871227 Win=62788 Len=0 TSval=174652371 TSecr=3628752329
48776   2022-01-12 12:59:31,211830656   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=871429 Win=64000 Len=0 TSval=174652374 TSecr=3628752343
48778   2022-01-12 12:59:31,227295312   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=871631 Win=63798 Len=0 TSval=174652375 TSecr=3628752367
48780   2022-01-12 12:59:31,258747303   192.168.0.100   192.168.0.217   TLSv1.2 1335    Application Data
48791   2022-01-12 12:59:32,508038748   192.168.0.100   192.168.0.217   TLSv1.2 1239    Application Data
48795   2022-01-12 12:59:32,642949411   192.168.0.100   192.168.0.217   TLSv1.2 119 Application Data
48798   2022-01-12 12:59:32,698302263   192.168.0.100   192.168.0.217   TCP 1385    3389 → 55808 [ACK] Seq=3136662 Ack=871934 Win=63495 Len=1319 TSval=174652521 TSecr=3628753769 [TCP segment of a reassembled PDU]
48801   2022-01-12 12:59:32,703330974   192.168.0.100   192.168.0.217   TCP 1385    3389 → 55808 [ACK] Seq=3137981 Ack=871934 Win=63495 Len=1319 TSval=174652521 TSecr=3628753769 [TCP segment of a reassembled PDU]
48804   2022-01-12 12:59:32,704846648   192.168.0.100   192.168.0.217   TLSv1.2 313 Application Data

So I suppose they don’t reach their destination (i.e. the CUPS server on the client).

Echo from client to server works; from server to client it times out.
Also, Samba used to work with shrew-soft-client, but no longer does.

I tried some “arbitrary” iptables rules I found on the internet, without success. IP forwarding is on.

Thanks for any help or hints
Bernd
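
An added example, not part of the original post: a small Python check that correlates the router's NAT session lines with the client capture and lists the sessions the router opened that never show up on the client, under either source address. It assumes that in `A:p/B:q -> C:r` the first endpoint is the original source and the second the source after NAT on the router; the function names are hypothetical.

```python
import re

# Two NAT lines and three capture lines copied from the post (trailing fields trimmed).
ROUTER_LOG = """\
192.168.0.254   Jan 12 12:59:31     local0  debug   INET    NAT: new outgoing session on ifc 38100002 prot 6 192.168.0.100:64720/192.168.0.254:62698 -> 192.168.0.217:631
192.168.0.254   Jan 12 12:59:32     local0  debug   INET    NAT: new outgoing session on ifc 38100002 prot 6 192.168.0.100:64721/192.168.0.254:43087 -> 192.168.0.217:631
"""
CAPTURE = """\
48759   2022-01-12 12:59:31,035254804   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=870419 Win=63596 Len=0
48780   2022-01-12 12:59:31,258747303   192.168.0.100   192.168.0.217   TLSv1.2 1335    Application Data
48798   2022-01-12 12:59:32,698302263   192.168.0.100   192.168.0.217   TCP 1385    3389 → 55808 [ACK] Seq=3136662 Ack=871934 Win=63495 Len=1319
"""

# Assumption: "A:p/B:q -> C:r" means original source / source after NAT -> destination.
NAT_RE = re.compile(r"NAT: new outgoing session on ifc \d+ prot 6 "
                    r"([\d.]+):(\d+)/([\d.]+):(\d+) -> ([\d.]+):(\d+)")

def router_sessions(log):
    """Return [(orig_src, nat_src, dst)], each endpoint as (ip, port)."""
    out = []
    for m in NAT_RE.finditer(log):
        a, ap, b, bp, c, cp = m.groups()
        out.append(((a, int(ap)), (b, int(bp)), (c, int(cp))))
    return out

def captured_flows(capture):
    """Return {(src, dst)} for capture lines whose summary shows TCP ports."""
    flows = set()
    for line in capture.splitlines():
        f = line.split()
        # Columns: no, date, time, src, dst, proto, len, sport, arrow, dport, ...
        # Lines such as "TLSv1.2 ... Application Data" show no ports and are skipped.
        if len(f) > 9 and f[5] == "TCP" and f[7].isdigit() and f[9].isdigit():
            flows.add(((f[3], int(f[7])), (f[4], int(f[9]))))
    return flows

def missing_on_client(log, capture):
    """Router sessions that appear in the capture under neither source address."""
    seen = captured_flows(capture)
    return [s for s in router_sessions(log)
            if (s[0], s[2]) not in seen and (s[1], s[2]) not in seen]

if __name__ == "__main__":
    for orig, nat, dst in missing_on_client(ROUTER_LOG, CAPTURE):
        print(f"not captured: {orig} (NAT {nat}) -> {dst}")
```

Run against a full export of both logs, this separates "the SYN to port 631 never reached the client" from "it arrived with a different source address than expected".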