[Openswan Users] what happens during /etc/init.d/ipsec stop ?

Paul Wouters paul at xelerance.com
Wed Dec 1 00:50:23 CET 2004


On Tue, 30 Nov 2004, Albert Agusti wrote:

> I'm using openswan-2.2.0 (build from source) with last NAT-T patch on
> kernel 2.6 family.

The NAT-T patch as supplied by us (or obtained by 'make nattpatch') is only
for use with KLIPS, not for use with the 2.6 NETKEY stack.

> I've two Linux boxes behind a NAT DSL router acting as tunnel ends. One
> is configured as initiator of the tunnel (auto=start) and the other as
> responder (auto=add). The problem is that EVERY TIME one of the systems
> (tunnel ends) reboots or issues stop/start of ipsec process, the tunnel
> negotiation blocks at Main mode in "no connection has been authorized"
> and !! THE ONLY way I find to solve this is to stop ipsec at both ends,
> start the responder and start the initiator !!

If you stop one end, a Notify/Delete message is sent by that end. Do
you receive that on the remote? Is it ignored?

Can you try 2.3.0dr4 and see if the problem remains?

Paul

