[Openswan Users] Dropping of return packets.
vinod_chandran at multitech.co.in
Wed Jan 19 10:30:25 CET 2005
I am currently using super-freeswan 188.8.131.52 on Kernel 2.4.26.
When the box is booting up, when I try to ping from a node on the LAN
side, at certain instances it doesn't work.
When I see the tcpdump I find that the ICMP request goes on eth0
interface, while the ICMP reply goes on to the ipsec0 interface. Since
there was no tunnel configured, the packet gets dropped.
The problem gets solved when I restart ipsec.
In the known problems section for Kernel 2.6, I found one known issue
pretty similar to this:
/* In 2.6, IPsec policies are detached from routing decisions. Because
design, Opportunistic Encryption on the local LAN is possible with 2.6.
One side effect: When contacting a node on the local LAN which is
by gateway OE, you will get asymmetrical routing (one way through the
one way direct), and IPsec will drop the return packets.
To communicate with this node, you must set a "clear" policy for it. */
I wanted some more information on this, since I didn't understand what is
meant by the "clear policy" listed here, assuming that the two issues
are the same.
Thanks in advance,