[Openswan Users] Openswan 2.4.7 and juniper ns208
Paul Wouters
paul at xelerance.com
Thu Dec 7 13:12:52 EST 2006
On Thu, 7 Dec 2006, Didine wrote:
> I am trying to set up a connection between Openswan (Linux Openswan
> U2.4.7/K2.6.18-1.2798.fc6 (netkey)) and a Juniper ns208.
> 004 "lt85_to_centre" #12: STATE_QUICK_I2: sent QI2, IPsec SA established
> {ESP=>0x7593622b <0x6859dbc5 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}
So the tunnel is established.
> A tcpdump shows the following (no ESP msg):
>
> =====================================================================
> [root at lt85 ~]# tcpdump host 194.250.x.x
> 19:48:37.441373 IP lt85.xxx.xxx > 194.250.x.x : ICMP echo request, id 1024,
> seq 55960, length 24
That's normal for netkey. The packets get encrypted after tcpdump can see
them. It's annoying.
Run ipsec verify. See if you have bogus redirects, rp_filter or ip_forwarding
misconfigured. Check the firewall for NAT rules (don't NAT IPsec packets).
Paul
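
The checks suggested in the reply above, written out as an added example (not part of the original message and not Openswan's own code). The function names and the optional proc-root argument are hypothetical, and the expected values are assumptions: the host is a gateway that should forward (ip_forward 1), and redirects and rp_filter should be 0 on a netkey host.

```shell
#!/bin/sh
# Added example: inspect the kernel settings and NAT rules named in the reply.

# Report sysctl values that commonly break a netkey tunnel.
# $1 (hypothetical) is an alternative proc root, e.g. a copied tree;
# the default is the live /proc. Returns 1 if anything was reported.
check_ipsec_sysctls() {
    root="${1:-/proc}/sys/net/ipv4"
    found=0

    # Assumption: this host forwards traffic for a subnet behind it.
    fwd=$(cat "$root/ip_forward" 2>/dev/null || echo missing)
    if [ "$fwd" != "1" ]; then
        echo "ip_forward=$fwd (expected 1 on a gateway)"
        found=1
    fi

    # Assumption: redirects and reverse-path filtering are off on every
    # interface, including the "all" and "default" pseudo-interfaces.
    for dir in "$root"/conf/*; do
        [ -d "$dir" ] || continue
        iface=${dir##*/}
        for key in send_redirects accept_redirects rp_filter; do
            [ -r "$dir/$key" ] || continue
            val=$(cat "$dir/$key")
            if [ "$val" != "0" ]; then
                echo "$iface/$key=$val (expected 0)"
                found=1
            fi
        done
    done
    return "$found"
}

# Read `iptables -t nat -S` output on stdin and print the POSTROUTING
# source-NAT rules. Each printed rule has to be read by hand to confirm
# that it cannot match traffic destined for the tunnel.
nat_rules_to_review() {
    grep -E '^-A POSTROUTING .*-j (MASQUERADE|SNAT)' || true
}

# Typical use, as root on the Openswan host:
#   check_ipsec_sysctls
#   iptables -t nat -S | nat_rules_to_review
```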