[Openswan Users] "IPsec SA established" but ESP onlt in one
direction
Jacco de Leeuw
jacco2 at dds.nl
Fri Aug 27 12:47:06 CEST 2004
On Fri, Aug 27, 2004 at 10:56:57AM +0200, Marco Perrando wrote:
> The SPI number of ESP traffic coming from NAT'ted XP box
> is ALWAYS 0x11941194.
Hm. Odd.
> Is it possible that such identifier does not match with the
> onr ipec is waiting for?
I guess you should see error messages rejecting these packets then.
> I think the fu***** router mangles the ESP packets changing the ESP number.
> So this is a router problem, not a configuration problem.
Well, that is easy to find out. Look at the configuration
of your NAT router and disable IPsec passthrough.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list