[Openswan Users] Tunnel up but not traffic passing through
Fabio Corazza
fabio at newbay.com
Wed Jun 14 17:14:51 CEST 2006
Hi there,
I have problems with a tunnel that can be established correctly, but I
can't get any traffic passing through.
OpenSwan 2.4.5 with NETKEY (2.6.16.20) is connecting to a remote
Netscreen 5xt. No NAT, just p-t-p tunnel connection.
The tunnel, as said above, is established correctly and all the phases
seem to go fine:
"customer" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0xbbdfd7fd <0xec953f05 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
In the Netscreen logs we get this error:
NewBay-VPNC[198.xx.xx.xx] received an unencrypted packet from
213.79.xx.xx when encrypt required!
The crazy thing is that sometimes it worked, other times it didn't (99%).
Iptables is OK, the rules are the same as for other VPN connections that
actually work, so I think that it is an issue related just to the Netscreen.
This is the conf:
conn customer
    left="213.79.xx.xx"
    esp="3des-md5"
    auth="esp"
    authby="secret"
    ikelifetime="28880"
    keyexchange="ike"
    pfsgroup="modp1024"
    pfs="yes"
    leftsubnet="192.168.2.0/24"
    keylife="3600"
    right="198.xx.xx.xx"
    rightsubnet="198.xx.xx.xx/28"
    auto="add"
    compress="no"
    type="tunnel"
    ike="3des-md5-modp1024"
Any help greatly appreciated.
Thanks,
Fabio
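
The Netscreen log above names the gateway's public address (213.79.xx.xx) as the source of the unencrypted packet, while the conn only selects traffic between leftsubnet and rightsubnet. The following is an added example, not part of the original post or of Openswan: it parses a conn block and reports which outbound flows match those selectors. The function names are hypothetical, and the masked addresses are replaced by constructed documentation-range placeholders.

```python
import ipaddress

# Constructed stand-in for the conn in the post: the masked 213.79.xx.xx and
# 198.xx.xx.xx values are replaced by documentation-range placeholders.
SAMPLE_CONN = '''
conn customer
    left="203.0.113.10"
    leftsubnet="192.168.2.0/24"
    right="198.51.100.1"
    rightsubnet="198.51.100.16/28"
    type="tunnel"
'''

def parse_conn(text):
    """Return the key=value options of a single conn block, quotes stripped."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop ipsec.conf comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip().strip('"')
    return opts

def selectors(opts):
    """Local/remote selectors; without a subnet option the host itself is used."""
    local = ipaddress.ip_network(opts.get("leftsubnet", opts["left"] + "/32"))
    remote = ipaddress.ip_network(opts.get("rightsubnet", opts["right"] + "/32"))
    return local, remote

def classify(opts, src, dst):
    """Say whether an outbound src->dst packet matches the tunnel selectors."""
    local, remote = selectors(opts)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in local and d in remote:
        return "protected"
    if d in remote:
        # Destination is behind the peer, but the source is outside leftsubnet,
        # so the packet is not selected for ESP.
        return "cleartext-to-protected-subnet"
    return "outside-policy"

def audit(conn_text, flows):
    """Classify each (src, dst) flow against the conn's selectors."""
    opts = parse_conn(conn_text)
    return [(src, dst, classify(opts, src, dst)) for src, dst in flows]

if __name__ == "__main__":
    flows = [("192.168.2.25", "198.51.100.20"),   # LAN host behind the gateway
             ("203.0.113.10", "198.51.100.20"),   # the gateway's own public address
             ("192.168.2.25", "192.0.2.7")]       # destination not behind the peer
    for row in audit(SAMPLE_CONN, flows):
        print(*row)
```
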