[Openswan Users] Strange problem after updating from kernel 2.6.8 to 2.6.18

Paul Wouters paul at xelerance.com
Mon Dec 10 10:24:13 EST 2007


On Mon, 10 Dec 2007, Balázs Bárány wrote:

> I upgraded my server from Debian Sarge to Debian Etch, so the kernel got
> upgraded from 2.6.8 to 2.6.18 and Openswan to 2.4.6.
>
> But IPSEC simply stopped working. Everything is reported as OK, the SAs are
> there, routes correct, everything. However, no data goes through the tunnel.

> I'm very sure that it isn't a firewall problem. I let through all IPSEC
> packets using iptables "-m policy --pol ipsec" and got matches in "iptables
> -L -n -v", so the packets should be accepted by the firewall. Also, all my
> chains have a LOG target at the end so I should notice if the packets get
> dropped.

2.6.18+ has new code for dealing with IPsec+NAT using NETKEY. You might have
to change your firewall rules.

Is there anyone who went through this that can post old and new style rules?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

