[Openswan dev] Host2host tunnels not working with klips

Ruben Laban r.laban at ism.nl
Fri May 27 11:23:57 EDT 2011


Hi Paul,

On Friday 27 May 2011 at 17:19 (CET), Paul Wouters wrote:
> On Fri, 27 May 2011, Ruben Laban wrote:
> >> "tunnel-host1-to-host4" #7: sending notification PAYLOAD_MALFORMED to
> >> 172.16.2.10:500
> >> 
> >> This is what I see on the 2.6.24 host. On the other hosts (2.6.32 &
> >> 2.6.38) I don't even see any traces of the rekey attempts in the logs.
> > 
> > Did some more kernel testing using the vanilla kernels provided through
> > Ubuntu's mainline kernel PPA: up to 2.6.30 works, 2.6.31 breaks. Also,
> > Ubuntu Jaunty's 2.6.28 (with backports) kernel is affected (read:
> > doesn't work).
> > 
> > Perhaps this helps pinpoint the problem.
> 
> How would a kernel change cause the IKE userland to act differently? Did
> you change the userland during these tests as well?

Good question :-)

All I did was the following:

* Install new kernel
* Boot new kernel
* Run: make clean KERNELSRC=/lib/modules/`uname -r`/build module minstall
* Run: ipsec setup --restart
* Run: ipsec auto --up tunnel-host1-to-host4 twice
* Rinse, repeat

On working kernels the 2nd '--up' would cause a successful rekey, on others 
it'd stall trying to rekey.

So no, userland wasn't updated in the process.

I'm assuming it has to do with the passthrough policies or something like 
that.

Regards,
Ruben Laban

