[Openswan Users] packets dropped!!!

Paul Wouters paul at xelerance.com
Wed Mar 14 01:50:46 EDT 2007

On Wed, 14 Mar 2007, Nirmala Balu wrote:

> i am using openswan for ipsec...
> the layout is
> host A----gateway A----gateway B-----host B
>                                                -----host C
> Gateway A and Gateway B are ipsec enabled...tunnel is established between
> gateway A  and Gayeway B.i like to have ipsec enabled for(host A--host B)
> and ipsec disabled(i.e)normal connection between host A and host C(using
> same gateways).if i send information between host A and host C, packets are
> getting dropped... how should i configure for this layout???
> can anyone tell how to do this???

First of all, you REALLY do not want this. What's the issue with encrypting all?
CPU? Buy an accelerator card. You are going to make mistakes.

Per default, openswan assumes that if you have an IPsec tunnel between two
endpoints, that all your traffic between those endpoints will be encrypted.
You can allow plaintext packets (outside a tunnel definition, so you have
to make a tunnel to hostB/32 that does not include hostC) by using

Or you can use a /24 - /24 tunnel and build a more specific /24 - HostC/32
tunnel with auth=never and type=passthrough


More information about the Users mailing list