RE [Openswan Users] Anyone try to install openswan-2.4.4 on Linux-2.6.14.4

Paul Wouters paul at xelerance.com
Thu Feb 23 02:45:44 CET 2006


On Thu, 23 Feb 2006, Sherman Chan wrote:

> This is what I see with openswan 2.4.5rc5 on linux-2.6.14.4. Since I'm not
> using NAT Traversal, I ignore the error, or should I not?
>
> Version check and ipsec on-path                                 [OK]
> Linux Openswan 2.4.5rc5 (klips)
> Checking for IPsec support in kernel                            [OK]
> KLIPS detected, checking for NAT Traversal support              [FAILED]
> Checking for RSA private key (/etc/ipsec.secrets)               [OK]
> Checking that pluto is running                                  [OK]
> Two or more interfaces found, checking IP forwarding            [OK]
> Checking NAT and MASQUERADEing
> Checking for 'ip' command                                       [OK]
> Checking for 'iptables' command                                 [OK]
> Opportunistic Encryption Support                                [DISABLED]

Looks good.

> 004 "my-access" #705: STATE_QUICK_I2: sent QI2, IPsec SA established
> {ESP=>0x56fa544f <0xcbe4c4c8 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}

Looks good.

> When I ping, I get a timeout, and with tcpdump
>
> I see the following 2 lines repeating themselves
> 11:39:42.109197 9.8.7.6 > 1.2.3.4: ESP(spi=0x56fa544f,seq=0x34)
> 11:39:43.110076 1.2.3.4 > 9.8.7.6: ESP(spi=0xcbe4c4c8,seq=0x37)

Those are your encrypted pings.

Are there firewall rules or perhaps rp_filter that might block the packets?

Paul
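
The rp_filter question above can be checked directly on the gateway. The following is an added example, not part of the original message: it lists every entry under the IPv4 conf tree whose rp_filter value is non-zero. The function names and the sample tree (interfaces eth0 and ipsec0 with made-up values) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print "name=value" for every rp_filter entry that is non-zero.
# conf_dir defaults to the live kernel tree; pass another directory
# to run the check against a saved or constructed copy.
rp_filter_enabled() {
    conf_dir="${1:-/proc/sys/net/ipv4/conf}"
    for f in "$conf_dir"/*/rp_filter; do
        # Skip unreadable entries and the unexpanded glob (no matches).
        [ -r "$f" ] || continue
        val=$(cat "$f")
        [ "$val" = "0" ] && continue
        iface=$(basename "$(dirname "$f")")
        printf '%s=%s\n' "$iface" "$val"
    done
}

# Constructed sample tree standing in for /proc/sys/net/ipv4/conf.
# The values are invented: rp_filter is on for "default" and "eth0",
# off for "all" and the KLIPS interface "ipsec0".
make_sample_conf() {
    d=$(mktemp -d)
    for i in all default eth0 ipsec0; do
        mkdir -p "$d/$i"
    done
    echo 0 > "$d/all/rp_filter"
    echo 1 > "$d/default/rp_filter"
    echo 1 > "$d/eth0/rp_filter"
    echo 0 > "$d/ipsec0/rp_filter"
    echo "$d"
}

# Demo on the constructed tree; call rp_filter_enabled with no
# argument to inspect the running system instead.
sample=$(make_sample_conf)
echo "rp_filter enabled on (constructed sample):"
rp_filter_enabled "$sample"
rm -rf "$sample"
```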

