[Openswan Users] 2.4.6 <--> 2.4.6 stops passing traffic
Robert.Woodcock at Homestone.com
Wed Mar 7 12:49:25 EST 2007
I've set up an IPSec link between two identical Soekris net4801s
Debian etch, Linux 2.4.34 (kernel.org source with the Debian etch
linux-patch-openswan package's patch applied), and OpenS/WAN 2.4.6 (the
package in Debian etch), with the following ipsec.conf:
The link works fine. However, 5 times in the last month it has stopped
passing traffic. "ipsec whack --status" output looks no different
SA established"), "ipsec eroute" will show the connection is still
tcpdump while pinging between Soekrises shows ICMP ECHO_REQUEST packets
making it to their destination, ICMP ECHO_RESPONSE packets going out
ipsec0, but no corresponding ESP packets going out eth0.
"/etc/init.d/ipsec restart" on one end will bring the link back.
Last time I messed with OpenS/WAN, I used OpenS/WAN 2.2.0 with 3DES/MD5
and no PFS, and it was absolutely rock solid. Any suggestions on how I
can get the same results with 2.4.x, AES, SHA, and PFS?