[Openswan Users] IPSec SA established but no traffic goes out?

Necati Demir necati at labristeknoloji.com
Mon Nov 28 14:03:25 CET 2005


Did you solve the problem?
I have the same problem, it establishes but no traffic goes.

> I still have no idea what's going on, either. I am wondering if I am
> being very dumb??
>
> I have taken the 2.6.11.12 kernel and compiled it with the following 
> network options
>
> CONFIG_PACKET=y
> # CONFIG_PACKET_MMAP is not set
> # CONFIG_NETLINK_DEV is not set
> CONFIG_UNIX=y
> CONFIG_NET_KEY=y
> CONFIG_INET=y
> # CONFIG_IP_MULTICAST is not set
> # CONFIG_IP_ADVANCED_ROUTER is not set
> # CONFIG_IP_PNP is not set
> CONFIG_NET_IPIP=m
> CONFIG_NET_IPGRE=m
> # CONFIG_ARPD is not set
> CONFIG_SYN_COOKIES=y
> CONFIG_INET_AH=m
> CONFIG_INET_ESP=m
> CONFIG_INET_IPCOMP=m
> CONFIG_INET_TUNNEL=m
> CONFIG_IP_TCPDIAG=y
> # CONFIG_IP_TCPDIAG_IPV6 is not set
> CONFIG_IPV6=m
> CONFIG_IPV6_PRIVACY=y
> CONFIG_INET6_AH=m
> CONFIG_INET6_ESP=m
> CONFIG_INET6_IPCOMP=m
> CONFIG_INET6_TUNNEL=m
> # CONFIG_IPV6_TUNNEL is not set
> # CONFIG_NETFILTER is not set
> CONFIG_XFRM=y
> CONFIG_XFRM_USER=m
>
> I have removed iptable support from the kernel
>
> I am trying the openswan programs 2.4.4 from the tarball at the moment.
>
> I have ip_forwarding enabled
>
> Tried removing SMP support from the kernel
>
> But every ping I send to the right subnet gets routed out on to eth0
> and does not go out over the tunnel.
>
> Could I be missing a kernel config option?
> Any ideas on what I should have a go at next??  Would it be worth
> trying klips again? (it crashes the kernel each time I do an ipsec
> --version)
>
>
>> I hope you wanted me to remove the route:
>>
>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>> 172.16.0.0      *               255.255.255.0   U     0      0        0 eth0
>>
>> This route gets added when the ipsec service starts
>>
>> Without this route pings to 172.16.0.1 produce...
>>
>> 19:28:08.103775 IP ???????.pureserver.info > 172.16.0.1: icmp 64: echo request seq 2
>>
>> and no replies, with tcpdump
>>
>> ----- Original Message -----
>> From: "Paul Wouters" <paul at xelerance.com>
>> To: "Martin Hillier" <martin.hillier at nyquist-solutions.com>
>> Cc: <users at openswan.org>
>> Sent: Saturday, November 26, 2005 7:23 PM
>> Subject: Re: [Openswan Users] IPSec SA established but no traffic goes out?
>>
>>
>>> On Sat, 26 Nov 2005, Martin Hillier wrote:
>>>
>>>> Just changed it and restarted the service, brought the vpn up and it's
>>>> still producing arp packets on eth0 when pinging 172.16.0.1.
>>>
>>>
>>> Remove the route that got inserted manually?
>>>
>>> Paul
>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>>