RE [Openswan Users] Anyone try to install openswan-2.4.4 on L
inux -2.6.14.4
Paul Wouters
paul at xelerance.com
Thu Feb 23 02:45:44 CET 2006
On Thu, 23 Feb 2006, Sherman Chan wrote:
> These is what I see with openswan 2.4.5rc5 on linux-2.6.14.4, since I'm not
> using NAT Travelsal, so I ignore the error, or I should not
>
> Version check and ipsec on-path [OK]
> Linux Openswan 2.4.5rc5 (klips)
> Checking for IPsec support in kernel [OK]
> KLIPS detected, checking for NAT Traversal support [FAILED]
> Checking for RSA private key (/etc/ipsec.secrets) [OK]
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
Looks good.
> 004 "my-access" #705: STATE_QUICK_I2: sent QI2, IPsec SA established
> {ESP=>0x56fa544f <0xcbe4c4c8 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
Looks good.
> When I do ping, I got time out, and with tcpdump
>
> I see the following 2 keeping repeating itself
> 11:39:42.109197 9.8.7.6 > 1.2.3.4: ESP(spi=0x56fa544f,seq=0x34)
> 11:39:43.110076 1.2.3.4 > 9.8.7.6: ESP(spi=0xcbe4c4c8,seq=0x37)
Those are your encrypted pings
Are there firewall rules or perhaps rp_filter that might block the packets?
Paul
More information about the Users
mailing list