[Openswan Users] 2.4.6 <--> 2.4.6 stops passing traffic
Paul Wouters
paul at xelerance.com
Wed Mar 7 13:54:48 EST 2007
On Wed, 7 Mar 2007, Robert Woodcock wrote:
> The link works fine. However, 5 times in the last month it has stopped
> passing traffic. "ipsec whack --status" output looks no different
> ("IPSec
> SA established"), "ipsec eroute" will show the connection is still
> erouted,
> tcpdump while pinging between Soekrises shows ICMP ECHO_REQUEST packets
> making it to their destination, ICMP ECHO_RESPONSE packets going out
> ipsec0, but no corresponding ESP packets going out eth0.
Are you sure your uplink device (ppp0?) did not vanish and re-appear?
KLIPS unfortunately is sensitive to that, and you either need to
issue a tncfg command in a ppp ip-up script, or restart openswan on
ppp ip-up. the tncfg commands would be like:
ipsec tncfg --detach --virtual ipsec0
ipsec tncfg --attach --virtual ipsec0 --real ppp0
Paul
More information about the Users
mailing list