[Openswan Users] IPSec SA estabished but no traffic goes out?
Martin Hillier
martin.hillier at nyquist-solutions.com
Sun Nov 27 19:39:31 CET 2005
I still have no idea whats going on, either i am wondering if i am being
very dumb??
I have taken the 2.6.11.12 kernel and compiled it with the following network
options
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_UNIX=y
CONFIG_NET_KEY=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
CONFIG_IP_TCPDIAG=y
# CONFIG_IP_TCPDIAG_IPV6 is not set
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_INET6_TUNNEL=m
# CONFIG_IPV6_TUNNEL is not set
# CONFIG_NETFILTER is not set
CONFIG_XFRM=y
CONFIG_XFRM_USER=m
I have removed iptable support from the kernel
I am trying the openswan programs 2.4.4 from the tarball at the moment.
I have ip_forwarding enabled
Tried removing SMP support from the kernel
But every ping i send to the right subnet gets routed out on to eth0 and
does no go out over the tunnel.
Could I be missing a kernel config option?
Any ideas on what i should have a go at next?? Would it be worth trying
klips again? (it crashes the kernel each time i do an ipsec --version)
>I hope you wanted me to remove the route:
>
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 172.16.0.0 * 255.255.255.0 U 0 0 0
> eth0
>
> This route gets added when the ipsec service starts
>
> Without this route pings to 172.16.0.1 produce...
>
> 19:28:08.103775 IP ???????.pureserver.info > 172.16.0.1: icmp 64: echo
> request seq 2
>
> and no replies, with tcpdump
>
> ----- Original Message -----
> From: "Paul Wouters" <paul at xelerance.com>
> To: "Martin Hillier" <martin.hillier at nyquist-solutions.com>
> Cc: <users at openswan.org>
> Sent: Saturday, November 26, 2005 7:23 PM
> Subject: Re: [Openswan Users] IPSec SA estabished but no traffic goes out?
>
>
>> On Sat, 26 Nov 2005, Martin Hillier wrote:
>>
>>> Just changed it and restarted the service, brought the vpn up and its
>>> still
>>> producing arp packets on eth0 when pinging 172.16.0.1.
>>
>> Remote the route that got inserted manually?
>>
>> Paul
>>
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
More information about the Users
mailing list