[Openswan Users] IPSEC problems between 2.6 kernels...
Paul Wouters
paul at xelerance.com
Mon May 31 23:09:41 CEST 2004
On Mon, 31 May 2004, Sven Schuster wrote:
> May 31 18:03:35 zion pluto[13508]: "sample" #2: sent QI2, IPsec SA established {ESP=>0x097e9858 <0x7aaa1e62}
>
> FC2/racoon:
> 2004-05-31 18:03:36: INFO: pfkey.c:1127:pk_recvupdate(): IPsec-SA established: ESP/Transport 192.168.0.2->192.168.0.1 spi=159291480(0x97e9858)
> 2004-05-31 18:03:36: INFO: pfkey.c:1348:pk_recvadd(): IPsec-SA established: ESP/Transport 192.168.0.1->192.168.0.2 spi=2057969250(0x7aaa1e62)
Transport mode? I would personally only use tunnel mode on both ends.
> When I ping from the FC2 to RH9, I just see one ESP packet arriving
> at the RH9 machine, but none leaving to FC2.
With KLIPS, one can set klipsdebug=all and you would see why the packet is being dropped. I
am not sure if there is such mechanism for the 2.6 native code.
You could try a 2.4 kernel with KLIPS and that configuration to see wether the problem is
in the openswan userland, or in the kernel ipsec stack.
Paul
More information about the Users
mailing list