[Openswan Users] ipsec up, but not always transferring (fwd)

Michael Richardson mcr at sandelman.ottawa.on.ca
Wed Sep 22 10:02:57 CEST 2004


>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    Paul> Ken: I am not the only one with 'tcpdump fixes things' issues.

    Paul> Michael: Do you know what causes tcpdump to 'fix' things?

  There are situations where tcpdump on ipsec0 will change how outgoing
packets are processed, but it should never change how incoming packets
are processed. And that only happened on 2.2.

  Please confirm:
	 a) you are running 
		tcpdump -i ipsec0 -n -p

	 b) you are using tcpdump 3.8.3 with libpcap 0.8.3
	    (because some tcpdump's have different flags)

	 c) you have PF_PACKET support in your kernel.

	 d) please run tcpdump on the external interface (eth1, ppp0, whatever)
	    to confirm what the packets are leaving R3, and to determine
	    if the packets are arriving (or not) at R1.

	 e) please do an "ipsec barf" before and after.

	 f) please repeat with and without -p flag.

    Paul> Does promisc mode cause forwarding?

  No relationship.
  -p will tell you if it has anything to do with promisc mode.

--
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [