[Openswan Users] acquire-netlink
Paul Wouters
paul at xelerance.com
Tue Jun 7 18:55:02 CEST 2005
On Tue, 7 Jun 2005, Massimo Mazzoldi wrote:
> Today i tried converting a working config with
> kernel 2.6.10 + openswan 2.3.0 with klips enabled
> in a:
> kernel 2.6.20 + openswan 2.3.0 using netkey
> I modified firewall rules and everything went fine:
> every tunnels went up without a problem.
>
> My problem is that as soon as I start Pluto...
> the SA gateway itself becomes not reachable in any way from internal lan!!!
>
> I noticed the following text:
>
> x.x.x.x/32:0 -> x.x.x.x/32:0 => %hold:1 0 %acquire-netlink
You should really run at least 2.6.11.7 when running ipsec on 2.6 with netkey.
Do you have overlapping subnets? eg a rightsubnet=10/8 with a leftsubnet=10.a.b.0/24 ?
Those work differently under the different stacks.
Also, you are sure you don't get route command errors in the logfiles?
Paul
More information about the Users
mailing list