[Openswan Users] 2.4.6 <--> 2.4.6 stops passing traffic

Paul Wouters paul at xelerance.com
Wed Mar 7 20:04:41 EST 2007


On Wed, 7 Mar 2007, Robert Woodcock wrote:

> > > erouted, tcpdump while pinging between Soekrises shows ICMP
> ECHO_REQUEST
> > > packets making it to their destination, ICMP ECHO_RESPONSE packets
> going
> > > out ipsec0, but no corresponding ESP packets going out eth0.
> >
> > Are you sure your uplink device (ppp0?) did not vanish and re-appear?

> Yes - our uplink is eth0 (local network is eth1). It's quite possible
> that
> connectivity to the other site vanished temporarily, but the interface
> certainly didn't.

In that case, once this situation is happening, try to run
ipsec klipsdebug --all, and send a few pings, and capture 'dmesg' to
see if that gives us any clue as to what is happening. Also, what
are the IKE messages in the last 1-8 hours? Did the ISAKMP expire,
and is it the ipsec SA that finally expired when traffic stopped? Or
something else?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list