[Openswan Users] 2.4.6 <--> 2.4.6 stops passing traffic
Robert Woodcock
Robert.Woodcock at Homestone.com
Wed Mar 7 19:02:39 EST 2007
On Wednesday, March 07, 2007, Paul Wouters wrote:
> On Wed, 7 Mar 2007, Robert Woodcock wrote:
> > The link works fine. However, 5 times in the last month it has
stopped
> > passing traffic. "ipsec whack --status" output looks no different
> > ("IPSec SA established"), "ipsec eroute" will show the connection is
still
> > erouted, tcpdump while pinging between Soekrises shows ICMP
ECHO_REQUEST
> > packets making it to their destination, ICMP ECHO_RESPONSE packets
going
> > out ipsec0, but no corresponding ESP packets going out eth0.
>
> Are you sure your uplink device (ppp0?) did not vanish and re-appear?
> KLIPS unfortunately is sensitive to that, and you either need to
> issue a tncfg command in a ppp ip-up script, or restart openswan on
> ppp ip-up. the tncfg commands would be like:
>
> ipsec tncfg --detach --virtual ipsec0
> ipsec tncfg --attach --virtual ipsec0 --real ppp0
Yes - our uplink is eth0 (local network is eth1). It's quite possible
that
connectivity to the other site vanished temporarily, but the interface
certainly didn't.
More information about the Users
mailing list