[Openswan Users] IPSec SA established but no traffic goes out?

Martin Hillier martin.hillier at nyquist-solutions.com
Sun Nov 27 19:39:31 CET 2005


I still have no idea what's going on either; I am wondering if I am being 
very dumb??

I have taken the 2.6.11.12 kernel and compiled it with the following network 
options:

CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_UNIX=y
CONFIG_NET_KEY=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
CONFIG_IP_TCPDIAG=y
# CONFIG_IP_TCPDIAG_IPV6 is not set
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_INET6_TUNNEL=m
# CONFIG_IPV6_TUNNEL is not set
# CONFIG_NETFILTER is not set
CONFIG_XFRM=y
CONFIG_XFRM_USER=m

I have removed iptable support from the kernel

I am trying the openswan programs 2.4.4 from the tarball at the moment.

I have ip_forwarding enabled

Tried removing SMP support from the kernel

But every ping I send to the right subnet gets routed out on to eth0 and 
does not go out over the tunnel.

Could I be missing a kernel config option?
Any ideas on what I should have a go at next??  Would it be worth trying 
klips again? (it crashes the kernel each time I do an ipsec --version)


> I hope you wanted me to remove the route:
>
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 172.16.0.0      *               255.255.255.0   U     0      0        0 eth0
>
> This route gets added when the ipsec service starts
>
> Without this route pings to 172.16.0.1 produce...
>
> 19:28:08.103775 IP ???????.pureserver.info > 172.16.0.1: icmp 64: echo request seq 2
>
> and no replies, with tcpdump
>
> ----- Original Message ----- 
> From: "Paul Wouters" <paul at xelerance.com>
> To: "Martin Hillier" <martin.hillier at nyquist-solutions.com>
> Cc: <users at openswan.org>
> Sent: Saturday, November 26, 2005 7:23 PM
> Subject: Re: [Openswan Users] IPSec SA established but no traffic goes out?
>
>
>> On Sat, 26 Nov 2005, Martin Hillier wrote:
>>
>>> Just changed it and restarted the service, brought the vpn up and it's
>>> still producing arp packets on eth0 when pinging 172.16.0.1.
>>
>> Remove the route that got inserted manually?
>>
>> Paul
>>