[Openswan Users] ipsec up, but not always transferring (fwd)
Michael Richardson
mcr at sandelman.ottawa.on.ca
Wed Sep 22 10:02:57 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
Paul> Ken: I am not the only one with 'tcpdump fixes things' issues.
Paul> Michael: Do you know what causes tcpdump to 'fix' things?
There are situations where tcpdump on ipsec0 will change how outgoing
packets are processed, but it should never change how incoming packets
are processed. And that only happened on 2.2.
Please confirm:
a) you are running
tcpdump -i ipsec0 -n -p
b) you are using tcpdump 3.8.3 with libpcap 0.8.3
(becuse some tcpdump's have different flags)
c) you have PF_PACKET support in your kernel.
d) please run tcpdump on the external interface (eth1, ppp0, watever)
to confirm what the packets are leaving R3, and to determine
if the packets are arriving (or not) at R1.
e) please do an "ipsec barf" before and after.
f) please repeat with and without -p flag.
Paul> Does promisc mode cause forwarding?
No relationship.
-p will tell you if it has anything to do with promisc mode.
- --
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQVF4AIqHRg3pndX9AQH+zAP9HdZGZ4oyjV2EHZuxf7bDF2QqYEdu6Cmf
bhJw6VtNruHpPZIAsLY7d9KywLF1DuC0ioG9A0NOxEqogvgONMxQcYZkqQ/Xil19
mQMMwG9K+57afueSHTe1CVLTe2q63l9TFMVrmCH/VNhd8L611eptdva7WqL0ee2f
XY8lEyW8b34=
=hV8o
-----END PGP SIGNATURE-----
More information about the Users
mailing list