rou / $ route [J-n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0 10.2.111.0 192.168.0.1 255.255.255.0 UG 0 0 0 ipsec0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 / $ / $ / $ / $ / $ route -n[J / $ ping 10.2.111.1[J 2 PINGklips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0. 1klips_debug:ipsec_tunnel_hard_header: Revectored 0p00000000->0pc0ff4148 len=104 type=2048 dev=ipsec0->eth0 dev_addr=00:01:02:03:04:05 0.ip=c0a800c8->0a026f02 2.klips_debug:ipsec_xmit_strip_hard_header: >>> skb->len=118 hard_header_len:1411 001.:012 :02(1:030.:042.:0511:001.:012):02: :0356:04 d:05at:08a :00by teklips_debug: IP:s ihl:20 ver:4 tos:0 tlen:104 id:0 DF frag_off:0 ttl:64 proto:1 (ICMP) chk:33 saddr:192.168.0.200 daddr:10.2.111.2 type:code=8:0 klips_debug:ipsec_xmit_strip_hard_header: Original head,tailroom: 2,40 klips_debug:ipsec_findroute: 192.168.0.200:0->10.2.111.2:0 1 klips_debug:rj_match: * See if we match exactly as a host destination klips_debug:rj_match: ** try to match a leaf, t=0pc0f29480 klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet saddr=c0a800c8, er=0pc0f29480, daddr=a026f02, er_dst=d34e545d, proto=1 sport=0 dport=0 klips_debug:ipsec_sa_getbyid: linked entry in ipsec_sa table for hash=140 of SA:tun.1004@211.78.84.93 requested. klips_debug:ipsec_xmit_encap_bundle: found ipsec_sa -- SA: tun.1004@211.78.84.93 klips_debug:ipsec_xmit_encap_bundle: calling room for , SA:tun.1004@211.78.84.93 klips_debug:ipsec_xmit_encap_bundle: Required head,tailroom: 20,0 klips_debug:ipsec_xmit_encap_bundle: calling room for , SA:esp.9a23add5@211.78.84.93 klips_debug:ipsec_xmit_encap_bundle: Required head,tailroom: 16,20 klips_debug:ipsec_xmit_encap_bundle: existing head,tailroom: 2,40 before applying xforms with head,tailroom: 36,20 . klips_debug:ipsec_xmit_encap_bundle: mtu:1500 physmtu:1500 tothr:36 tottr:20 mtudiff:56 ippkttotlen:104 klips_info:ipsec_xmit_encap_bundle: dev ipsec0 mtu of 1500 decreased by 57 to 1443 klips_debug:ipsec_xmit_encap_bundle: allocating 14 bytes for hardheader. klips_debug:ipsec_xmit_encap_bundle: head,tailroom: 16,40 after hard_header stripped. klips_debug: IP: ihl:20 ver:4 tos:0 tlen:104 id:0 DF frag_off:0 ttl:64 proto:1 (ICMP) chk:33 saddr:192.168.0.200 daddr:10.2.111.2 type:code=8:0 klips_debug:ipsec_xmit_encap_bundle: head,tailroom: 68,20 after allocation klips_debug: IP: ihl:20 ver:4 tos:0 tlen:104 id:0 DF frag_off:0 ttl:64 proto:1 (ICMP) chk:33 saddr:192.168.0.200 daddr:10.2.111.2 type:code=8:0 klips_debug:ipsec_xmit_encap_once: calling output for , SA:tun.1004@211.78.84.93 klips_debug:ipsec_xmit_encap_once: pushing 20 bytes, putting 0, proto 4. klips_debug:ipsec_xmit_encap_once: head,tailroom: 48,20 before xform. klips_debug:ipsec_xmit_encap_once: after , SA:tun.1004@211.78.84.93: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:124 id:55242 frag_off:0 ttl:64 proto:4 chk:47511 saddr:192.168.0.200 daddr:211.78.84.93 klips_debug: IP: ihl:20 ver:4 tos:0 tlen:124 id:55242 frag_off:0 ttl:64 proto:4 chk:47511 saddr:192.168.0.200 daddr:211.78.84.93 klips_debug:ipsec_xmit_encap_once: calling output for , SA:esp.9a23add5@211.78.84.93 klips_debug:ipsec_xmit_encap_once: pushing 16 bytes, putting 20, proto 50. klips_debug:ipsec_xmit_encap_once: head,tailroom: 32,0 before xform. klips_dmp: at pre-encrypt, len=160: klips_debug: @000: 45 00 00 a0 d7 ca 00 00 40 32 b9 97 c0 a8 00 c8 klips_debug: @010: d3 4e 54 5d 9a 23 ad d5 00 00 00 37 c0 a8 00 c8 klips_debug: @020: d3 4e 54 5d 45 00 00 68 00 00 40 00 40 01 00 21 klips_debug: @030: c0 a8 00 c8 0a 02 6f 02 08 00 12 9f d9 01 00 00 klips_debug: @040: f8 71 05 47 00 a6 0e 00 00 00 00 00 00 00 00 00 klips_debug: @050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 klips_debug: @060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 klips_debug: @070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 klips_debug: @080: 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 klips_debug: @090: 05 06 06 04 50 88 4e e2 15 03 c3 f2 50 10 43 8d klips_debug:ipsec_alg_esp_encrypt: entering with encalg=3, ixt_e=c4fa874c klips_debug:ipsec_alg_esp_encrypt: calling cbc_encrypt encalg=3 ips_key_e=c0be5400 idat=c0f292c4 ilen=112 iv=c0f292bc, encrypt=1 klips_debug:ipsec_alg_esp_encrypt: returned ret=1 klips_debug:ipsec_xmit_encap_once: after , SA:esp.9a23add5@211.78.84.93: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:160 id:55242 frag_off:0 ttl:64 proto:50 (ESP) chk:47429 saddr:192.168.0.200 daddr:211.78.84.93 klips_debug: IP: ihl:20 ver:4 tos:0 tlen:160 id:55242 frag_off:0 ttl:64 proto:50 (ESP) chk:47429 saddr:192.168.0.200 daddr:211.78.84.93 klips_error:ipsec_sa_put: null pointer passed in! klips_debug:ipsec_findroute: 192.168.0.200:0->211.78.84.93:0 50 klips_debug:rj_match: * See if we match exactly as a host destination klips_debug:rj_match: ** try to match a leaf, t=0pc0f29480 klips_debug:rj_match: *** start searching up the tree, t=0pc0f29480 klips_debug:rj_match: **** t=0pc0f29498 klips_debug:rj_match: **** t=0pc0bea820 klips_debug:rj_match: ***** cp2=0pc033e8c8 cp3=0pc0b2c670 klips_debug:rj_match: ***** not found. klips_debug:ipsec_xmit_restore_hard_header: After recursive xforms -- head,tailroom: 32,0 klips_debug:ipsec_xmit_restore_hard_header: With hard_header, final head,tailroom: 18,0 klips_debug:ipsec_xmit_send: ...done, calling ip_send() on device:eth0 klips_debug: IP: ihl:20 ver:4 tos:0 tlen:160 id:55242 frag_off:0 ttl:64 proto:50 (ESP) chk:47429 saddr:192.168.0.200 daddr:211.78.84.93 klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0. klips_debug:ipsec_tunnel_hard_header: Revectored 0p00000000->0pc0ff4148 len=104 type=2048 dev=ipsec0->eth0 dev_addr=00:01:02:03:04:05 ip=c0a800c8->0a026f02 klips_debug:ipsec_xmit_strip_hard_header: >>> skb->len=118 hard_header_len:14 00:01:02:03:04:05:00:01:02:03:04:05:08:00 klips_debug: IP: ihl:20 ver:4 tos:0 tlen:104 id:0 DF frag_off:0 ttl:64 proto:1 (ICMP) chk:33 saddr:192.168.0.200 daddr:10.2.111.2 type:code=8:0 klips_debug:ipsec_xmit_strip_hard_header: Original head,tailroom: 2,40 klips_debug:ipsec_findroute: 192.168.0.200:0->10.2.111.2:0 1 klips_debug:rj_match: * See if we match exactly as a host destination klips_debug:rj_match: ** try to match a leaf, t=0pc0f29480 klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet saddr=c0a800c8, er=0pc0f29480, daddr=a026f02, er_dst=d34e545d, proto=1 sport=0 dport=0 kli