[cuthbei]

Hi,

I have just switched ISP and have an odd situation where my Vodafone Sure Signal femtocell won't now connect. When I dump the traffic on the inside of my DD-WRT V24-SP2 I see

oot@OldTimbers:~# tcpdump -vv -i br0 port 4500
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 68 bytes
12:10:22.669578 IP (tos 0xb8, ttl 64, id 11546, offset 0, flags [none], proto UDP (17), length 29) 192.168.202.109.4500 > host212-183-133-179.uk.access.vodafone.net.4500: [udp sum ok] isakmp-nat-keep-alive
12:10:26.249781 IP (tos 0xb8, ttl 64, id 11547, offset 0, flags [none], proto UDP (17), length 476) 192.168.202.109.4500 > host212-183-133-179.uk.access.vodafone.net.4500: NONESP-encap: [|isakmp]

As can be seen, the Sure Signal box is trying to create an IPSec NAT-T connection on UDP port 4500.

The response never makes it back through the router though. On the outside I can see

tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 68 bytes
12:10:22.669917 IP (tos 0xb8, ttl 63, id 11546, offset 0, flags [none], proto UDP (17), length 29) 109-224-xxx-xxx.bb.adsl24.co.uk.4500 > host212-183-133-179.uk.access.vodafone.net.4500: [udp sum ok] isakmp-nat-keep-alive
12:10:26.250153 IP (tos 0xb8, ttl 63, id 11547, offset 0, flags [none], proto UDP (17), length 476) 109-224-xxx-xxx.bb.adsl24.co.uk.4500 > host212-183-133-179.uk.access.vodafone.net.4500: NONESP-encap: [|isakmp]
12:10:26.371451 IP (tos 0x0, ttl 245, id 13388, offset 1480, flags [none], proto UDP (17), length 1012) host212-183-133-179.uk.access.vodafone.net > 109-224-136-20.bb.adsl24.co.uk: udp

The third packet is of interest, it is the response from Vodafone. You can see it has a fragment offset of 1480, which means it is the 2nd packet of a fragmented stream. It has no flags set

12:10:26.371451 IP (tos 0x0, ttl 245, id 13388, offset 1480, flags [none], proto UDP (17), length 1012) host212-183-133-179.uk.access.vodafone.net > 109-224-136-20.bb.adsl24.co.uk: udp

This would be OK if I had a packet before this one from VF with an offset of 0 but a flag of + (more fragments). It appears, something is fragmenting the packets between VF and my DD-WRT.

Does anyone know if it is normal fr DD-WRT not to pass this single fragement? I.e. Is it likely to be waiting for all fragments before sending them?

I have tried to enable logging on the firewall to check for any drops, but don't see anything specific.

Any advice on how to troubleshoot this connection is appreciated.

Thanks, Ian

[cuthbei]

Sadly replying to my own post.

I found the problem and it appears to be an MTU negotiation failure over the PPPoE / PPPoA link between DD-WRT and my ISP. As this link passes through a Draytek Vigor 120, I'm fairly confident this is to blame.

The Draytek must drop the 1500 byte fragment / packet which is set from Vodafone back to me, as it doesn't have enough space for it with the PPPoE header.

[deanbag]

I'm having a similar problem with a Femtocell supplied by my telco Optus in Australia. a tcpdump on port 4500 shows something slightly different:

[MrFidget]

Has anyone been able to get (dr)Optus working

I must admit, I cheated and got one of those prepaid Telstra NextG battery wifi routers from JB. At least I got decent speed / coverage.

No they dont do DD-WRT, but I would be keen to see it
Cheers
Chris