[Openswan Users]

Greg Scott GregScott at InfraSupportEtc.com
Sat Jul 22 22:21:09 CEST 2006

> It is perhaps your firewall rules. I found the NETKEY process 
> requires iptables rulesets that are trickier to write than KLIPS. 
> The packets just appear on your forward chain with input 
> interface as the external one. You might find there are, for 
> example, anti-spoofing rules that are blocking the packets.

I thought of that - but packets are going out on the sending side in the
clear.  I just posted a very long post with a bunch of raw data
illustrating it.  My firewall rules could be messed up, but the
receiving side never sees any packets to test.  If it were a case of
messed up firewall rules, tcpdump on the listening side would show me
something.  For some reason, raw packets are going out in the clear,
instead of being "esp-ified".  

- Greg

More information about the Users mailing list