[Openswan Users] All packets of ipsec0 dropped

[Wah Jong]

Dear,
 Is there any hints why all packets of ipsec0 getting dropped?
 my vpn diagram
192.168.10.0/24 <http://192.168.10.0/24> ---- [eth1 a.b.c.d eth0] ==== 
internet ==== [eth0 x.y.w.z eth1] ----- 192.168.15.0/24<http://192.168.15.0/24>
 /var/log/messages
kernel: klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0.
kernel: klips_debug:ipsec_tunnel_hard_header: Revectored 
0x00000000->0xd78ce2a4 len=60 type=2048 dev=ipsec0->eth0 
dev_addr=00:50:fc:3a:17:5c ip=c0a80a75->c0a80f75
kernel: klips_debug:ipsec_tunnel_start_xmit: >>> skb->len=74 
hard_header_len:14 00:50:fc:3a:17:5c:00:50:fc:3a:17:5c:08:00 
kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:60 id:35201 frag_off:0 
ttl:31 proto:1 (ICMP) chk:30469 saddr:192.168.10.117
<http://192.168.10.117>daddr:
192.168.15.117 <http://192.168.15.117> type:code=8:0
kernel: klips_debug:ipsec_findroute:
192.168.10.117:0->192.168.15.117:0<http://192.168.15.117:0>1
kernel: klips_debug:rj_match: * See if we match exactly as a host 
destination
kernel: klips_debug:rj_match: ** try to match a leaf, t=0xcf1cbc80
kernel: klips_debug:rj_match: *** start searching up the tree, t=0xcf1cbc80
kernel: klips_debug:rj_match: **** t=0xcf1cbc98
kernel: klips_debug:rj_match: **** t=0xcc8957c0
kernel: klips_debug:rj_match: ***** cp2=0xdd9cfd28 cp3=0xc5f76230
kernel: klips_debug:rj_match: ***** not found.
kernel: klips_debug:ipsec_tunnel_start_xmit: checking for local udp/500 IKE 
packet saddr=c0a80a75, er=00000000, daddr=c0a80f75, er_dst=0, proto=1 
sport=0 dport=0
kernel: klips_debug:ipsec_tunnel_start_xmit: Original head,tailroom: 18,36
kernel: klips_debug:ipsec_tunnel_start_xmit: shunt SA of DROP or no eroute: 
dropping.

Regards,
Steve Jong
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20050629/675184e1/attachment.htm