[Openswan Users] ipsec up, but not always transferring (fwd)

[Michael Richardson]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    Paul> Ken: I am not the only one with 'tcpdump fixes things' issues.

    Paul> Michael: Do you know what causes tcpdump to 'fix' things?

  There are situations where tcpdump on ipsec0 will change how outgoing
packets are processed, but it should never change how incoming packets
are processed. And that only happened on 2.2.

  Please confirm:
	 a) you are running 
		tcpdump -i ipsec0 -n -p

	 b) you are using tcpdump 3.8.3 with libpcap 0.8.3
	    (becuse some tcpdump's have different flags)

	 c) you have PF_PACKET support in your kernel.

	 d) please run tcpdump on the external interface (eth1, ppp0, watever)
	    to confirm what the packets are leaving R3, and to determine
	    if the packets are arriving (or not) at R1.

	 e) please do an "ipsec barf" before and after.

	 f) please repeat with and without -p flag.

    Paul> Does promisc mode cause forwarding?

  No relationship.
  -p will tell you if it has anything to do with promisc mode.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQVF4AIqHRg3pndX9AQH+zAP9HdZGZ4oyjV2EHZuxf7bDF2QqYEdu6Cmf
bhJw6VtNruHpPZIAsLY7d9KywLF1DuC0ioG9A0NOxEqogvgONMxQcYZkqQ/Xil19
mQMMwG9K+57afueSHTe1CVLTe2q63l9TFMVrmCH/VNhd8L611eptdva7WqL0ee2f
XY8lEyW8b34=
=hV8o
-----END PGP SIGNATURE-----