[Openswan Users] packets get dropped by the ipsec

Paul Wouters paul at xelerance.com
Fri Oct 26 17:41:22 EDT 2007

On Fri, 26 Oct 2007, Egor N. Martovetsky wrote:

> example to set up a host-to-host tunnel using 2 machines on the same subnet
> running 2.6.22 kernel.
> things were working fine when I was using kernels with NETKEY.  The pings from
> one
> machine made it to the other through the tunnel.  However, I realized I need
> to use KLIPS in order to get hw acceleration through OCF, so that's what I'm
> using now.
> the connection is still established, but the pings to the left machine from
> right machine
> get dropped by ipsec at the source machine.

    leftnexthop=        # correct in many situations
    right=              # Remote vitals

Can you try commenting out leftnexthop and adding type=%direct ?
(or add a "router" between the two machines for a proper test)

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list