RE [Openswan Users] Anyone try to install openswan-2.4.4 on Linux -2.6.14.4
Sherman Chan
Sherman.Chan at world.net
Thu Feb 23 10:55:53 CET 2006
Hi Paul,
The same firewall rule and rp_filter, which has been set to 0, I used on
openswan-2.4.4 with linux-2.4.3x and they were working OK.
Do I need to set it to 1 on openswan 2.4.5rc with linux 2.6.14.4?
The firewall rule is basically
-A INPUT -p all -s xxx/24 -j ACCEPT
And
-A FORWARD -p all -s xxx/24 -j ACCEPT
So I do not think it is a firewall rule issue.
Sherman
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, 23 February 2006 12:46 PM
To: Sherman Chan
Cc: 'users at openswan.org'
Subject: RE: RE [Openswan Users] Anyone try to install openswan-2.4.4 on Linux -2.6.14.4
On Thu, 23 Feb 2006, Sherman Chan wrote:
> This is what I see with openswan 2.4.5rc5 on linux-2.6.14.4, since
> I'm not using NAT Traversal, so I ignore the error, or I should not
>
> Version check and ipsec on-path [OK]
> Linux Openswan 2.4.5rc5 (klips)
> Checking for IPsec support in kernel [OK]
> KLIPS detected, checking for NAT Traversal support [FAILED]
> Checking for RSA private key (/etc/ipsec.secrets) [OK]
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
Looks good.
> 004 "my-access" #705: STATE_QUICK_I2: sent QI2, IPsec SA established
> {ESP=>0x56fa544f <0xcbe4c4c8 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
Looks good.
> When I ping, I get a timeout, and with tcpdump
>
> I see the following 2 keep repeating
> 11:39:42.109197 9.8.7.6 > 1.2.3.4: ESP(spi=0x56fa544f,seq=0x34)
> 11:39:43.110076 1.2.3.4 > 9.8.7.6: ESP(spi=0xcbe4c4c8,seq=0x37)
Those are your encrypted pings
Are there firewall rules or perhaps rp_filter that might block the packets?
Paul