[Openswan Users] Strange problem after updating from kernel 2.6.8 to 2.6.18

Paul Wouters paul at xelerance.com
Mon Dec 10 10:24:13 EST 2007

On Mon, 10 Dec 2007, Balázs Bárány wrote:

> I upgraded my server from Debian Sarge to Debian Etch, so the kernel got
> upgraded from 2.6.8 to 2.6.18 and Openswan to 2.4.6.
> But IPSEC simply stopped working. Everything is reported as OK, the SAs are
> there, routes correct, everything. However, no data goes through the tunnel.

> I'm very sure that it isn't a firewall problem. I let through all IPSEC
> packets using iptables "-m policy --pol ipsec" and got matches in "iptables
> -L -n -v", so the packets should be accepted by the firewall. Also, all my
> chains have a LOG target at the end so I should notice if the packets get
> dropped.

2.6.18+ has new code for dealing with IPsec+NAT using NETKEY. You might have
to change your firewall rules.

Is there anyone who went through this that can post old and new style rules?

Building and integrating Virtual Private Networks with Openswan:
