[Openswan Users] packets get dropped by the ipsec

Egor N. Martovetsky egor at pasemi.com
Fri Oct 26 22:18:13 EDT 2007


Paul, thanks for your help.

I tried your suggestion, but it doesn't like type=%direct,
when I try to add connection, it complains:

ipsec auto --add host-to-host
ipsec_auto: fatal error in "host-to-host": unknown type "%direct"

I will try to setup a tunnel between different networks next, unless
I get another suggestion.

Paul Wouters wrote:

>On Fri, 26 Oct 2007, Egor N. Martovetsky wrote:
>
>  
>
>>example to set up a host-to-host tunnel using 2 machines on the same subnet
>>running 2.6.22 kernel.
>>
>>things were working fine when I was using kernels with NETKEY.  The pings from
>>one
>>machine made it to the other through the tunnel.  However, I realized I need
>>to use KLIPS in order to get hw acceleration through OCF, so that's what I'm
>>using now.
>>
>>the connection is still established, but the pings to the left machine from
>>right machine
>>get dropped by ipsec at the source machine.
>>    
>>
>
>    leftnexthop=10.1.12.146        # correct in many situations
>    right=10.1.12.146              # Remote vitals
>
>Can you try commenting out leftnexthop and adding type=%direct ?
>(or add a "router" between the two machines for a proper test)
>
>Paul
>  
>


-- 
Egor N. Martovetsky



More information about the Users mailing list