[Openswan Users]

Paul Wouters paul at xelerance.com
Wed Apr 19 17:32:09 CEST 2006

On Wed, 19 Apr 2006, jan svatos wrote:

>  Hello, I have the following problem. After an upgrade to kernel 2.6.10
>  (old kernel was 2.6.8) the ipsec tunnels are broken.
>  The configuration of ipsec is the same, the ipsec tunnels look good,
>  but if I try ping, I don't receive a reply. The reply packets are lost
>  somewhere in the kernel now..
>  I think I have found the solution -
>   "Since Linux 2.6.10-rcX, packets from a tunnel-mode SA are dropped if
>   no policy exists. You most likely only have an input policy, but no
>   forward policy. If you use setkey to configure your policies,
>   duplicate the input policy and replace '-P in' with '-P fwd'. If you
>   let racoon generate the policy you need to upgrade to the latest
>   version. pluto should already get it right." -
>  but I don't know how to do it using openswan..

pluto is the openswan keying daemon, so according to your quote openswan
should not be affected.

Openswan works on 2.4 and 2.6 kernels. You must be having another issue.
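
For policies maintained by hand with setkey, the advice quoted above ("duplicate the input policy and replace '-P in' with '-P fwd'") can be checked mechanically. The following is an added example, not part of the original message or of Openswan: it scans a setkey configuration and prints the forward policies that are missing. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample setkey.conf (documentation/private address ranges).
SAMPLE_CONF = """\
# site A 10.0.1.0/24, site B 10.0.2.0/24, gateways 192.0.2.1 and 192.0.2.2
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
    esp/tunnel/192.0.2.1-192.0.2.2/require;
spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
    esp/tunnel/192.0.2.2-192.0.2.1/require;
# second tunnel: its forward policy is already present
spdadd 10.0.3.0/24 10.0.1.0/24 any -P in ipsec
    esp/tunnel/192.0.2.3-192.0.2.1/require;
spdadd 10.0.3.0/24 10.0.1.0/24 any -P fwd ipsec
    esp/tunnel/192.0.2.3-192.0.2.1/require;
"""

# spdadd <src> <dst> <upper-layer proto> -P <direction> <policy rule>
SPDADD = re.compile(r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out|fwd)\s+(.*)")


def parse_policies(conf_text):
    """Return (src, dst, proto, direction, rule) for every spdadd statement."""
    no_comments = re.sub(r"#[^\n]*", "", conf_text)
    policies = []
    for stmt in no_comments.split(";"):      # statements end with ';'
        flat = " ".join(stmt.split())        # join multi-line statements
        m = SPDADD.match(flat)
        if m:
            policies.append(m.groups())
    return policies


def missing_fwd_policies(conf_text):
    """Return the '-P fwd' statements needed for tunnel-mode '-P in' policies."""
    policies = parse_policies(conf_text)
    have_fwd = {(s, d, p) for s, d, p, direction, _ in policies
                if direction == "fwd"}
    needed = []
    for s, d, p, direction, rule in policies:
        # Only tunnel-mode input policies need the forward duplicate.
        if direction == "in" and "/tunnel/" in rule and (s, d, p) not in have_fwd:
            needed.append(f"spdadd {s} {d} {p} -P fwd {rule};")
    return needed


if __name__ == "__main__":
    print("\n".join(missing_fwd_policies(SAMPLE_CONF)))
```
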
