  1. #1
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,092

    Huge amount of "WARNING (unknown src intf)" in messages log.

    Are there any known issues?

    Quick search and I did find a few old bugs, but nothing that matched what we were seeing.

    We see how a few IPSec Users are generating GB of message/syslog logs.
    Sample for message log.
    Code:
    May  9 11:16:48 ut kernel: [12180592.842701] WARNING (unknown src intf):IN=ppp2 OUT= MAC= SRC=172.20.180.4 DST=X.X.X.X LEN=372 TOS=0x00 PREC=0x00 TTL=128 ID=22039 DF PROTO=TCP SPT=63123 DPT=445 WINDOW=7781 RES=0x00 ACK PSH URGP=0 MARK=0x200 
    May  9 11:16:48 ut kernel: [12180592.851835] WARNING (unknown src intf):IN=ppp2 OUT= MAC= SRC=172.20.180.4 DST=X.X.X.X LEN=112 TOS=0x00 PREC=0x00 TTL=128 ID=22040 DF PROTO=TCP SPT=63123 DPT=445 WINDOW=7781 RES=0x00 ACK PSH URGP=0 MARK=0x200 
    May  9 11:16:48 ut kernel: [12180592.853552] WARNING (unknown src intf):IN=ppp2 OUT= MAC= SRC=172.20.180.4 DST=X.X.X.X LEN=132 TOS=0x00 PREC=0x00 TTL=128 ID=22041 DF PROTO=TCP SPT=63123 DPT=445 WINDOW=7780 RES=0x00 ACK PSH URGP=0 MARK=0x200 
    May  9 11:16:48 ut kernel: [12180592.855056] WARNING (unknown src intf):IN=ppp5 OUT= MAC= SRC=172.20.180.7 DST=X.X.X.X LEN=105 TOS=0x00 PREC=0x00 TTL=128 ID=14321 PROTO=UDP SPT=50000 DPT=3479 LEN=85 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.855217] WARNING (unknown src intf):IN=ppp2 OUT= MAC= SRC=172.20.180.4 DST=X.X.X.X LEN=1200 TOS=0x00 PREC=0x00 TTL=128 ID=22042 DF PROTO=TCP SPT=63123 DPT=445 WINDOW=7780 RES=0x00 ACK URGP=0 MARK=0x200 
    May  9 11:16:48 ut kernel: [12180592.855268] WARNING (unknown src intf):IN=ppp2 OUT= MAC= SRC=172.20.180.4 DST=X.X.X.X LEN=785 TOS=0x00 PREC=0x00 TTL=128 ID=22043 DF PROTO=TCP SPT=63123 DPT=445 WINDOW=7780 RES=0x00 ACK PSH URGP=0 MARK=0x200 
    May  9 11:16:48 ut kernel: [12180592.862869] WARNING (unknown src intf):IN=ppp2 OUT= MAC= SRC=172.20.180.4 DST=X.X.X.X LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=22044 DF PROTO=TCP SPT=63123 DPT=445 WINDOW=7784 RES=0x00 ACK URGP=0 MARK=0x200 
    May  9 11:16:48 ut kernel: [12180592.863243] WARNING (unknown src intf):IN=ppp5 OUT= MAC= SRC=172.20.180.7 DST=X.X.X.X LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=14322 PROTO=UDP SPT=50000 DPT=3479 LEN=100 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.863359] WARNING (unknown src intf):IN=ppp2 OUT= MAC= SRC=172.20.180.4 DST=X.X.X.X LEN=412 TOS=0x00 PREC=0x00 TTL=128 ID=22045 DF PROTO=TCP SPT=63123 DPT=445 WINDOW=7784 RES=0x00 ACK PSH URGP=0 MARK=0x200 
    May  9 11:16:48 ut kernel: [12180592.863391] WARNING (unknown src intf):IN=ppp5 OUT= MAC= SRC=172.20.180.7 DST=X.X.X.X LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=19276 PROTO=UDP SPT=50044 DPT=3481 LEN=100 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.875016] WARNING (unknown src intf):IN=ppp5 OUT= MAC= SRC=172.20.180.7 DST=X.X.X.X LEN=111 TOS=0x00 PREC=0x00 TTL=128 ID=14323 PROTO=UDP SPT=50000 DPT=3479 LEN=91 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.879954] WARNING (unknown src intf):IN=ppp9 OUT= MAC= SRC=172.20.180.11 DST=X.X.X.X LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=31051 DF PROTO=TCP SPT=56350 DPT=443 WINDOW=65 RES=0x00 ACK URGP=0 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.881270] WARNING (unknown src intf):IN=ppp5 OUT= MAC= SRC=172.20.180.7 DST=X.X.X.X LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=17764 DF PROTO=TCP SPT=60529 DPT=445 WINDOW=64960 RES=0x00 SYN URGP=0 MARK=0x200 
    May  9 11:16:48 ut kernel: [12180592.884878] WARNING (unknown src intf):IN=ppp15 OUT= MAC= SRC=172.20.180.17 DST=X.X.X.X LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=19473 PROTO=UDP SPT=51001 DPT=53 LEN=44 MARK=0x200 
    May  9 11:16:48 ut kernel: [12180592.884934] WARNING (unknown src intf):IN=ppp15 OUT= MAC= SRC=172.20.180.17 DST=X.X.X.X LEN=64 TOS=0x00 PREC=0x00 TTL=128 ID=7398 PROTO=UDP SPT=51001 DPT=53 LEN=44 MARK=0x200 
    May  9 11:16:48 ut kernel: [12180592.888867] WARNING (unknown src intf):IN=ppp15 OUT= MAC= SRC=172.20.180.17 DST=X.X.X.X LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=22161 DF PROTO=TCP SPT=60375 DPT=443 WINDOW=257 RES=0x00 ACK URGP=0 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.895030] WARNING (unknown src intf):IN=ppp5 OUT= MAC= SRC=172.20.180.7 DST=X.X.X.X LEN=103 TOS=0x00 PREC=0x00 TTL=128 ID=14324 PROTO=UDP SPT=50000 DPT=3479 LEN=83 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.914970] WARNING (unknown src intf):IN=ppp5 OUT= MAC= SRC=172.20.180.7 DST=X.X.X.X LEN=103 TOS=0x00 PREC=0x00 TTL=128 ID=14325 PROTO=UDP SPT=50000 DPT=3479 LEN=83 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.932961] WARNING (unknown src intf):IN=ppp5 OUT= MAC= SRC=172.20.180.7 DST=X.X.X.X LEN=106 TOS=0x00 PREC=0x00 TTL=128 ID=14326 PROTO=UDP SPT=50000 DPT=3479 LEN=86 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.939283] WARNING (unknown src intf):IN=ppp15 OUT= MAC= SRC=172.20.180.17 DST=X.X.X.X LEN=1200 TOS=0x00 PREC=0x00 TTL=128 ID=30111 DF PROTO=TCP SPT=60425 DPT=443 WINDOW=253 RES=0x00 ACK URGP=0 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.939401] WARNING (unknown src intf):IN=ppp15 OUT= MAC= SRC=172.20.180.17 DST=X.X.X.X LEN=1200 TOS=0x00 PREC=0x00 TTL=128 ID=30112 DF PROTO=TCP SPT=60425 DPT=443 WINDOW=253 RES=0x00 ACK URGP=0 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.939548] WARNING (unknown src intf):IN=ppp15 OUT= MAC= SRC=172.20.180.17 DST=X.X.X.X LEN=1200 TOS=0x00 PREC=0x00 TTL=128 ID=30113 DF PROTO=TCP SPT=60425 DPT=443 WINDOW=253 RES=0x00 ACK URGP=0 MARK=0x300 
    May  9 11:16:48 ut kernel: [12180592.939749] WARNING (unknown src intf):IN=ppp15 OUT= MAC= SRC=172.20.180.17 DST=X.X.X.X LEN=1200 TOS=0x00 PREC=0x00 TTL=128 ID=30114 DF PROTO=TCP SPT=60425 DPT=443 WINDOW=253 RES=0x00 ACK URGP=0 MARK=0x300

    5 of May 12 logs in messages
    6 of May 63 logs in messages
    7 of May 93 logs in messages
    8 of May 155 logs in messages
    9 of May 300-500k logs in messages
    10 of May 300-500k logs in messages
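
A triage sketch for the log lines quoted in the post above, added here as an example and not part of the original thread or of Untangle's code. It parses kernel netfilter LOG lines carrying the `WARNING (unknown src intf)` prefix and counts them per day and per (interface, source, protocol, destination port), which shows which VPN clients are filling the log. The sample lines are constructed in the same format as the quoted ones.

```python
import re
from collections import Counter

PREFIX = "WARNING (unknown src intf)"
LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) [\d:]{8} \S+ kernel: \[\s*[\d.]+\] "
    r"(?P<prefix>[^:]*):(?P<fields>.*)$")

# Constructed sample: same format and address range as the lines in the post.
SAMPLE = """\
May  8 23:59:59 ut kernel: [12100000.000001] WARNING (unknown src intf):IN=ppp2 OUT= MAC= SRC=172.20.180.4 DST=X.X.X.X LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=1 DF PROTO=TCP SPT=63123 DPT=445 WINDOW=7784 RES=0x00 ACK URGP=0 MARK=0x200
May  9 11:16:48 ut kernel: [12180592.842701] WARNING (unknown src intf):IN=ppp2 OUT= MAC= SRC=172.20.180.4 DST=X.X.X.X LEN=372 TOS=0x00 PREC=0x00 TTL=128 ID=22039 DF PROTO=TCP SPT=63123 DPT=445 WINDOW=7781 RES=0x00 ACK PSH URGP=0 MARK=0x200
May  9 11:16:48 ut kernel: [12180592.851835] WARNING (unknown src intf):IN=ppp2 OUT= MAC= SRC=172.20.180.4 DST=X.X.X.X LEN=112 TOS=0x00 PREC=0x00 TTL=128 ID=22040 DF PROTO=TCP SPT=63123 DPT=445 WINDOW=7781 RES=0x00 ACK PSH URGP=0 MARK=0x200
May  9 11:16:48 ut kernel: [12180592.855056] WARNING (unknown src intf):IN=ppp5 OUT= MAC= SRC=172.20.180.7 DST=X.X.X.X LEN=105 TOS=0x00 PREC=0x00 TTL=128 ID=14321 PROTO=UDP SPT=50000 DPT=3479 LEN=85 MARK=0x300
May  9 11:16:48 ut kernel: [12180592.863243] WARNING (unknown src intf):IN=ppp5 OUT= MAC= SRC=172.20.180.7 DST=X.X.X.X LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=14322 PROTO=UDP SPT=50000 DPT=3479 LEN=100 MARK=0x300
May  9 11:16:49 ut kernel: [12180593.000000] some other kernel message
""".splitlines()

def parse_line(line):
    """Return (day, fields) for a LOG line with the expected prefix, else None."""
    m = LINE_RE.match(line.rstrip())
    if not m or m.group("prefix").strip() != PREFIX:
        return None
    fields = {}
    for tok in m.group("fields").split():
        key, sep, val = tok.partition("=")
        # UDP lines carry LEN twice (IP length, then UDP length): keep the first.
        # Bare tokens such as DF, ACK, PSH are flags and are stored with "".
        fields.setdefault(key, val)
    return " ".join(m.group("day").split()), fields  # "May  9" -> "May 9"

def summarize(lines):
    """Count matching lines per day, and packets/bytes per flow key."""
    per_day, packets, octets = Counter(), Counter(), Counter()
    for parsed in filter(None, map(parse_line, lines)):
        day, f = parsed
        flow = (f.get("IN"), f.get("SRC"), f.get("PROTO"), f.get("DPT"))
        per_day[day] += 1
        packets[flow] += 1
        octets[flow] += int(f.get("LEN") or 0)
    return per_day, packets, octets

if __name__ == "__main__":
    per_day, packets, octets = summarize(SAMPLE)
    print(dict(per_day))
    for flow, n in packets.most_common():
        print(n, octets[flow], *flow)
```

Feed it the lines of the messages log instead of `SAMPLE` to get the same per-day totals the post lists, broken down by client.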

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,932

    It's not an issue. There are some sessions for which the source interface is not known (internal, UDP, etc.).
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,092

    All sessions are from IPSec users.
    So the interface should be known.

    I'll have to check all changes made on the 9th.

  4. #4
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,092

    I do know they made changes to OpenVPN's export, but that should not affect IPsec?!

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,932

    That is correct. OpenVPN changes do not affect IPsec. There is a cleanup of IPsec code in 14.2.0, so it might be worth waiting for this beta. I've been running 14.2.0 live for some time now.

    Edit: 14.2.0 beta available https://forums.untangle.com/announce...available.html
    Last edited by jcoffin; 05-13-2019 at 01:55 PM.
