[Openswan Users] Drooping of return packets.
Paul Wouters
paul at xelerance.com
Wed Jan 19 14:13:03 CET 2005
On Wed, 19 Jan 2005, Vinod Chandran wrote:
[CC: to user dropped, MX records didn't work?]
> I am currently using super-freeswan 1.99.7.3 on Kernel 2.4.26.
That is *very* old.
> When the box is booting up, when I try to ping from a node on the LAN side,
> at certain instances it doesnt work.
That all depends on how you load and/or start your connections, and when
openswan starts.
> When I see the tcpdump I find that the ICMP request goes on eth0 interface ,
> while the ICMP reply goes on to the ipsec0 interface. Since there was no
> tunnel configured, the packet gets dropped.
Why would a packet hit ipsec0 without a configured tunnel? There has to be
some routing changes that happened to cause the packet to hit an ipsec device.
> In the known problems section for Kernel 2.6, I found one known issue pretty
> similar to this:
That' has to do with OE and 2.6 kernels, and has nothing to do with what
you are describing. Superfreeswan has no 'policy files'.
Paul
More information about the Users
mailing list