[Openswan Users] IPSEC problems between 2.6 kernels...

Paul Wouters paul at xelerance.com
Mon May 31 23:09:41 CEST 2004


On Mon, 31 May 2004, Sven Schuster wrote:

> May 31 18:03:35 zion pluto[13508]: "sample" #2: sent QI2, IPsec SA established {ESP=>0x097e9858 <0x7aaa1e62}
> 
> FC2/racoon:
> 2004-05-31 18:03:36: INFO: pfkey.c:1127:pk_recvupdate(): IPsec-SA established: ESP/Transport 192.168.0.2->192.168.0.1 spi=159291480(0x97e9858)
> 2004-05-31 18:03:36: INFO: pfkey.c:1348:pk_recvadd(): IPsec-SA established: ESP/Transport 192.168.0.1->192.168.0.2 spi=2057969250(0x7aaa1e62)

Transport mode? I would personally only use tunnel mode on both ends.
 
> When I ping from the FC2 to RH9, I just see one ESP packet arriving
> at the RH9 machine, but none leaving to FC2.

With KLIPS, one can set klipsdebug=all and you would see why the packet is being dropped. I
am not sure if there is such a mechanism for the 2.6 native code.

You could try a 2.4 kernel with KLIPS and that configuration to see whether the problem is
in the openswan userland, or in the kernel ipsec stack.

Paul 


