[Openswan Users] packets get dropped by the ipsec

Egor N. Martovetsky egor at pasemi.com
Fri Oct 26 22:18:13 EDT 2007

Paul, thanks for your help.

I tried your suggestion, but it doesn't like type=%direct,
when I try to add connection, it complains:

ipsec auto --add host-to-host
ipsec_auto: fatal error in "host-to-host": unknown type "%direct"

I will try to setup a tunnel between different networks next, unless
I get another suggestion.

Paul Wouters wrote:

>On Fri, 26 Oct 2007, Egor N. Martovetsky wrote:
>>example to set up a host-to-host tunnel using 2 machines on the same subnet
>>running 2.6.22 kernel.
>>things were working fine when I was using kernels with NETKEY.  The pings from
>>machine made it to the other through the tunnel.  However, I realized I need
>>to use KLIPS in order to get hw acceleration through OCF, so that's what I'm
>>using now.
>>the connection is still established, but the pings to the left machine from
>>right machine
>>get dropped by ipsec at the source machine.
>    leftnexthop=        # correct in many situations
>    right=              # Remote vitals
>Can you try commenting out leftnexthop and adding type=%direct ?
>(or add a "router" between the two machines for a proper test)

Egor N. Martovetsky

More information about the Users mailing list