[Openswan Users] Tunnel up but no communication
Paul Wouters
paul at xelerance.com
Tue May 3 16:09:07 CEST 2005
On Mon, 2 May 2005, Giovani Moda - MR Informática wrote:
> Recently I've upgraded an ipsec 2.2.0 to 2.3.1 on an FC2 system. The tunnel
> came up just fine, and I could ping both sides. But, for some reason I could
> not understand, the communication between the subnets would not occur. I use
> a telnet client, and I connect to the server through the ipsec tunnel. After
> the upgrade, the communication stopped working. I could ping the other side,
> but when I tried to telnet it, it just hung there... Same thing happened when
> I tried to navigate to it with Windows network client.
Did you switch from KLIPS to NETKEY?
> I could not find a single error in it. No warnings, no failures. With
> tcpdump, I could see ESP packages exchange between the two gateways, but
> telnet and network just didn't work. When I downgraded to openswan 2.1.5 it
> worked just fine. I successfully telnet the server and navigated to it with
> Windows network client. Same config, same system, just a different version of
> openswan.
It sounds like an mtu issue.
If you did not switch stacks, can you try adding esp=3des and see if that makes
a difference? I believe the default cipher changed from 3des to aes between 2.2.0
and 2.3.1.
Paul