[Openswan Users] packets get dropped by the ipsec

Paul Wouters paul at xelerance.com
Fri Oct 26 17:41:22 EDT 2007


On Fri, 26 Oct 2007, Egor N. Martovetsky wrote:

> example to set up a host-to-host tunnel using 2 machines on the same subnet
> running 2.6.22 kernel.
>
> things were working fine when I was using kernels with NETKEY.  The pings from
> one
> machine made it to the other through the tunnel.  However, I realized I need
> to use KLIPS in order to get hw acceleration through OCF, so that's what I'm
> using now.
>
> the connection is still established, but the pings to the left machine from
> right machine
> get dropped by ipsec at the source machine.

    leftnexthop=10.1.12.146        # correct in many situations
    right=10.1.12.146              # Remote vitals

Can you try commenting out leftnexthop and adding type=%direct ?
(or add a "router" between the two machines for a proper test)

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list