[Openswan Users]
IPSEC established but TX packets dropped on ipsec0 interface
Daniel Fenert
daniel at fenert.net
Thu Aug 12 11:06:01 CEST 2004
I'm trying to establish network-network conenction between 2 gateways.
No NAT, for testing purposes directly connected. Everything seems to be fine
IPSEC is established, but no packet is being sent to other peer.
Using tcpdump on ipsec0 interface, I see that packets are generated on source
machine, but never get to destination, and TX dropped packets are
increasing on source machine (you can see it in 'barf' attachment).
I've tried to look in the archives of freeswan/openswan lists, but all that I
got was 'RX packets dropped', and no plain solution besides, that there's some
misconfiguration :)
I'm using openswan-1.0.7rc1 on 2.4.27 kernel.
Distro is slackware-10.0.
On both machines.
I'm attaching ipsec.conf (from one machine, on the other it's identical),
and compressed ipsec barf.
--
Daniel Fenert --==> daniel at fenert.net <==--
==-P o w e r e d--b y--S l a c k w a r e-=-ICQ #37739641-==
When people agree with me I always feel that I must be wrong
=======- http://daniel.fenert.net/ -=======< +48604628083 >
-------------- next part --------------
# /etc/ipsec.conf - Openswan IPsec configuration file
# basic configuration
config setup
interfaces="ipsec0=eth1"
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
plutowait=no
uniqueids=yes
conn %default
keyingtries=0
###compress=yes
conn rp3
# Left security gateway, subnet behind it, next hop toward right.
left=10.1.1.170
#leftnexthop=
leftsubnet=192.168.1.0/24
# Right security gateway, subnet behind it, next hop toward left.
right=10.1.1.169
#rightnexthop=
rightsubnet=192.168.0.0/24
# To initiate this connection automatically at startup,
# uncomment this:
auto=start
authby=rsasig
leftid = @rimmon.exx.pl
rightid= @rp3.exx.pl
leftcert=rimmon.exx.pl.crt
rightcert=rp3.exx.pl.crt
pfs=no
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.barf.txt.gz
Type: application/x-gunzip
Size: 13130 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040812/c4736e08/ipsec.barf.txt-0001.bin
More information about the Users
mailing list