GregScott at InfraSupportEtc.com
Sat Jul 22 22:21:09 CEST 2006
> It is perhaps your firewall rules. I found the NETKEY process
> requires iptables rulesets that are trickier to write than KLIPS.
> The packets just appear on your forward chain with input
> interface as the external one. You might find there are, for
> example, anti-spoofing rules that are blocking the packets.
I thought of that - but packets are going out on the sending side in the
clear. I just posted a very long post with a bunch of raw data
illustrating it. My firewall rules could be messed up, but the
receiving side never sees any packets to test. If it were a case of
messed up firewall rules, tcpdump on the listening side would show me
something. For some reason, raw packets are going out in the clear,
instead of being "esp-ified".
More information about the Users