[Openswan Users] Opportunistic Encryption Configuration

Paul Wouters paul at xelerance.com
Wed Jul 4 09:48:27 EDT 2007


On Wed, 4 Jul 2007, Dariush Zahedmanesh wrote:

> I want to provide several secure connections with an opportunistic encryption
> solution on openswan, so:
> I have set up openswan for opportunistic encryption between 2 networks. My
> config comes below. The problem is that there are no tunnels when I start
> ipsec (I have connectivity between networks), and any packets (for example
> 'icmp' request and reply) are clear and there aren't any ESP signs in my
> tcpdump on the ipsec interface.

Check the logs to see what is happening. Also check if you have %pass eroutes
in ipsec eroute.

Note that the first few seconds of running OE might cause a cascade of %pass
routes, since your machine will try to reach some DNS server, which will
trigger more OE (to attempt to encrypt traffic to the DNS server) which ends
up with pass routes to the DNS server before it can actually successfully
get the DNS records required for OE.

If you show us the logs (without any plutodebug or klipsdebug setting!) we can
tell you better why OE is not working.

Paul
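
Added example, not part of the original message and not Openswan's own tooling: a shell check for the `%pass` eroutes mentioned above, separating those that point at the host's DNS resolvers (the startup cascade) from the rest. It assumes `ipsec eroute` prints lines laid out as `count src -> dst => target`; the function names, sample lines and addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, in the layout assumed for `ipsec eroute` output:
#   <packet count>  <source>  ->  <destination>  =>  <target SA or %shunt>
sample_eroutes() {
cat <<'EOF'
0          192.168.1.0/24     -> 0.0.0.0/0          => %trap
12         192.168.1.10/32    -> 192.0.2.53/32      => %pass
3          192.168.1.10/32    -> 198.51.100.7/32    => %pass
45         192.168.1.10/32    -> 203.0.113.20/32    => tun0x1002@203.0.113.20
EOF
}

# resolvers_from: read resolv.conf text on stdin and print the nameserver
# addresses on one line, separated by spaces.
resolvers_from() {
    awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = " " }'
}

# pass_eroutes RESOLVERS: read eroute lines on stdin and print one line per
# %pass eroute: "<destination> dns" when the destination host is one of the
# space-separated RESOLVERS, otherwise "<destination> other".
pass_eroutes() {
    awk -v resolvers="$1" '
        BEGIN {
            n = split(resolvers, r, " ")
            for (i = 1; i <= n; i++) dns[r[i]] = 1
        }
        $NF == "%pass" {
            dst = ""
            # The destination is the field that follows the "->" separator.
            for (i = 1; i < NF; i++) if ($i == "->") dst = $(i + 1)
            if (dst == "") next
            host = dst
            sub(/\/.*/, "", host)      # strip the /mask before comparing
            print dst, ((host in dns) ? "dns" : "other")
        }'
}

# Demo on the constructed sample. On a live gateway the equivalent would be:
#   ipsec eroute | pass_eroutes "$(resolvers_from < /etc/resolv.conf)"
sample_eroutes | pass_eroutes "192.0.2.53"
```

Lines tagged `dns` match the cascade described in the reply; lines tagged `other` are destinations whose traffic is leaving in the clear and are the ones to look up in the logs.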

