[Openswan Users] packets get dropped by the ipsec
Paul Wouters
paul at xelerance.com
Fri Oct 26 17:41:22 EDT 2007
On Fri, 26 Oct 2007, Egor N. Martovetsky wrote:
> example to set up a host-to-host tunnel using 2 machines on the same subnet
> running 2.6.22 kernel.
>
> things were working fine when I was using kernels with NETKEY. The pings from
> one
> machine made it to the other through the tunnel. However, I realized I need
> to use KLIPS in order to get hw acceleration through OCF, so that's what I'm
> using now.
>
> the connection is still established, but the pings to the left machine from
> right machine
> get dropped by ipsec at the source machine.
leftnexthop=10.1.12.146 # correct in many situations
right=10.1.12.146 # Remote vitals
Can you try commenting out leftnexthop and adding type=%direct ?
(or add a "router" between the two machines for a proper test)
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list