[Openswan Users] Ping through tunnel suddenly stops

Sybille Ebert sybille.ebert at gmx.net
Mon May 24 17:15:38 CEST 2004

> Are you sure those first few pings are crypted? You cannot run tcpdump and 
> check from the sending machine because of the linux packet pie. Instead,
> run tcpdump on the receiving host (or better, use a hub and a third host)
> to double check.

Yes, I used a third machine to check that the packets are indeed encrypted.

> Can you try to manually modprobing the af_key and esp4 modules before your first
> start and then start to see if the problem goes away. If it does, can you then
> edit _startklips and add a 'sleep 5' after modprobing those modules and see if
> that fixes your problem? The netlink and ipsec kernel modules might be taking a
> little bit of time to load or initiate, causing some messages to get lost, or at
> least pluto thinks they are lost, and tries to push thm into the netlink device
> again at a later time.

Modprobing does not help. However, unloading the modules does eliminate
the need for rebooting the "right" gateway which seems to be in question 

If it matters, I am actually running two copies of Fedora Core 2 inside
a VMware box. Please let me know if you would like to see any logs.


More information about the Users mailing list