[Openswan Users] Interop FC2:openswan<->RH:freeswan
Clive A Stubbings
openswan at vjet.demon.co.uk
Tue Jul 13 12:34:08 CEST 2004
I have a gateway, running 'old' superfreeswan on a RH box with a 2.4
kernel. It's fine. Road warrior works with x509 and NAT traversal to
freeswan and various Windows tools.
I've just upgraded a linux laptop to Fedora Core 2 and openswan. (ie a
2.6 series kernel).
I can establish a tunnel from the FC2 system to the old gateway.
But traffic gets dropped at the gateway with the error
Jul 13 11:05:53 xxxx kernel: klips_error:ipsec_rcv: got packet with content
length = 118 from xxx.xxx.xxx.xxx -- should be on 4 octet boundary, packet dropped
This was a normal ping. If I change the ping packet size, it still
always generates a similar error - ie there is something systematically
making the size wrong.
Traffic the other way - ie gateway->laptop looks OK.
The laptop ipsec config is 'derived' from my old superfreeswan one.
Basically it's..
version 2.0

config setup
	interfaces="ipsec0=eth0"
	uniqueids=ye
	overridemtu=1000
	nat_traversal=ye
	disable_port_floating=yes

conn %default
	keyingtries=0
	authby=rsasig
	auth=esp
	leftrsasigkey=%cert

conn roam
	leftid="C=.... etc"
	left=xx.xx.xx.xx
	leftsubnet=xx.xx.xx.xx/xx
	right=xx.xx.xx.xx
	rightnexthop=xx.xx.xx.xx
	rightcert=acert.pem
	pfs = yes
	auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
I tried without the interfaces line - that seems redundant now.
I added the auth=esp to see if that would help, but it didn't.
Any ideas?
Cheers
Clive