[Openswan Users]
DPD Problem - message from kernel malformed: unknown address family
Eric Marchionni
mailing-lists at gmx.ch
Wed Oct 20 17:27:18 CEST 2004
hi,
i'm dealing with a problem concerning DPD. my scenario:
[subnet1 10.1.0.0/16]---[gw1 192.168.0.1]=====[gw2 192.168.0.2]---[subnet2 10.2.0.0/16]
on gw1 and gw2 dpd with dpdaction=hold is activated. after startup
everything looks fine:
Oct 20 10:35:11 localhost pluto[12528]: "net-net" #2: Dead Peer Detection (RFC 3706) enabled
Oct 20 10:35:11 localhost pluto[12528]: "net-net" #2: sent QI2, IPsec SA established {ESP=>0x37b71864 <0x9b99f002}
when i do
gw2# iptables -A INPUT -i eth0 -s 192.168.0.1 -j DROP
following happens:
Oct 20 10:35:58 localhost pluto[12528]: "net-net" #1: DPD: No response from peer - declaring peer dead
Oct 20 10:35:58 localhost pluto[12528]: "net-net" #1: DPD: Terminating all SAs using this connection
Oct 20 10:35:58 localhost pluto[12528]: "net-net" #2: deleting state (STATE_QUICK_I2)
Oct 20 10:35:58 localhost pluto[12528]: "net-net" #1: deleting state (STATE_MAIN_I4)
Oct 20 10:35:58 localhost pluto[12528]: DPD: Putting connection into %trap
so far so good. but now when i try to reestablish the connection with
gw2# iptables -D INPUT -i eth0 -s 192.168.0.1 -j DROP
host_from_subnet1# ping -c 1 $host_from_subnet2
the ping times out and this occurs in the log:
Oct 20 10:36:11 localhost pluto[12528]: XFRM_MSG_ACQUIRE message from kernel malformed: unknown address family
for the purpose of completeness i should mention that the whole network
is a virtual one implemented with user-mode linux (uml-kernel: 2.6).
till now all kinds of connections (net to net, host to host,
roadwarriors) worked without problems. any help is appreciated.
regards,
eric
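Added example, not part of the original post or of Openswan: a small Python triage script that correlates the pluto messages quoted above to flag a connection that DPD put into %trap and whose later kernel acquires pluto rejected. The log sample is constructed from the lines in the post with the wraps removed; the function name triage, the finding labels, and treating a later "IPsec SA established" line as recovery are assumptions of this example.

```python
import re

# Constructed sample: the pluto lines quoted in the post, unwrapped.
SAMPLE_LOG = """\
Oct 20 10:35:11 localhost pluto[12528]: "net-net" #2: Dead Peer Detection (RFC 3706) enabled
Oct 20 10:35:11 localhost pluto[12528]: "net-net" #2: sent QI2, IPsec SA established {ESP=>0x37b71864 <0x9b99f002}
Oct 20 10:35:58 localhost pluto[12528]: "net-net" #1: DPD: No response from peer - declaring peer dead
Oct 20 10:35:58 localhost pluto[12528]: "net-net" #1: DPD: Terminating all SAs using this connection
Oct 20 10:35:58 localhost pluto[12528]: "net-net" #2: deleting state (STATE_QUICK_I2)
Oct 20 10:35:58 localhost pluto[12528]: "net-net" #1: deleting state (STATE_MAIN_I4)
Oct 20 10:35:58 localhost pluto[12528]: DPD: Putting connection into %trap
Oct 20 10:36:11 localhost pluto[12528]: XFRM_MSG_ACQUIRE message from kernel malformed: unknown address family
"""

# timestamp, pluto pid, optional '"conn" #N: ' prefix, message text
LINE = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[(\d+)\]: (?:"([^"]+)" #\d+: )?(.*)$')

def triage(log_text):
    """Return (timestamp, connection, finding) tuples for tunnels stuck after DPD."""
    findings = []
    last_dead = {}  # pluto pid -> connection most recently declared dead
    trapped = {}    # pluto pid -> connection currently held in %trap
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a pluto line
        ts, pid, conn, msg = m.groups()
        if conn and "declaring peer dead" in msg:
            last_dead[pid] = conn
        elif msg.startswith("DPD: Putting connection into %trap"):
            # This line carries no connection name, so attribute it to the
            # peer the same pluto process last declared dead.
            trapped[pid] = last_dead.get(pid, "<unknown>")
            findings.append((ts, trapped[pid], "trapped"))
        elif conn and "IPsec SA established" in msg and trapped.get(pid) == conn:
            del trapped[pid]  # assumption: a new SA means the hold was resolved
            findings.append((ts, conn, "recovered"))
        elif (msg.startswith("XFRM_MSG_ACQUIRE message from kernel malformed")
              and pid in trapped):
            # The kernel asked for an SA but pluto discarded the request,
            # so traffic for the trapped connection keeps timing out.
            findings.append((ts, trapped[pid], "acquire-rejected"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

A "trapped" finding followed by "acquire-rejected" with no "recovered" in between matches the state described in the post: the hold is in place but renegotiation never starts.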