[Openswan Users] IPSEC established but TX packets dropped on ipsec0 interface

Daniel Fenert daniel at fenert.net
Thu Aug 12 11:06:01 CEST 2004


I'm trying to establish a network-network connection between 2 gateways.

No NAT, for testing purposes directly connected. Everything seems to be fine:
IPSEC is established, but no packet is being sent to the other peer.

Using tcpdump on the ipsec0 interface, I see that packets are generated on the source
machine, but never get to the destination, and TX dropped packets are
increasing on the source machine (you can see it in the 'barf' attachment).

I've tried to look in the archives of the freeswan/openswan lists, but all that I
got was 'RX packets dropped', and no plain solution besides that there's some
misconfiguration :)

I'm using openswan-1.0.7rc1 on 2.4.27 kernel.
Distro is slackware-10.0.
On both machines.

I'm attaching ipsec.conf (from one machine, on the other it's identical), 
and compressed ipsec barf.

-- 
Daniel Fenert                 --==> daniel at fenert.net <==--
==-P o w e r e d--b y--S l a c k w a r e-=-ICQ #37739641-==
When people agree with me I always feel that I must be wrong
=======- http://daniel.fenert.net/ -=======< +48604628083 >
-------------- next part --------------
# /etc/ipsec.conf - Openswan IPsec configuration file

# basic configuration
config setup
	interfaces="ipsec0=eth1"
	klipsdebug=none
	plutodebug=none
	plutoload=%search
	plutostart=%search
	plutowait=no
	uniqueids=yes

conn %default
	keyingtries=0
	###compress=yes

conn rp3
	# Left security gateway, subnet behind it, next hop toward right.
	left=10.1.1.170
	#leftnexthop=
	leftsubnet=192.168.1.0/24
	# Right security gateway, subnet behind it, next hop toward left.
	right=10.1.1.169
	#rightnexthop=
	rightsubnet=192.168.0.0/24
	# To initiate this connection automatically at startup,
	# uncomment this:
	auto=start
	authby=rsasig
        leftid = @rimmon.exx.pl
        rightid= @rp3.exx.pl
        leftcert=rimmon.exx.pl.crt
        rightcert=rp3.exx.pl.crt
        pfs=no

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.barf.txt.gz
Type: application/x-gunzip
Size: 13130 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040812/c4736e08/ipsec.barf.txt-0001.bin

