[Openswan Users] packets get dropped by the ipsec
Egor N. Martovetsky
egor at pasemi.com
Fri Oct 26 22:18:13 EDT 2007
Paul, thanks for your help.
I tried your suggestion, but it doesn't like type=%direct,
when I try to add connection, it complains:
ipsec auto --add host-to-host
ipsec_auto: fatal error in "host-to-host": unknown type "%direct"
I will try to setup a tunnel between different networks next, unless
I get another suggestion.
Paul Wouters wrote:
>On Fri, 26 Oct 2007, Egor N. Martovetsky wrote:
>
>
>
>>example to set up a host-to-host tunnel using 2 machines on the same subnet
>>running 2.6.22 kernel.
>>
>>things were working fine when I was using kernels with NETKEY. The pings from
>>one
>>machine made it to the other through the tunnel. However, I realized I need
>>to use KLIPS in order to get hw acceleration through OCF, so that's what I'm
>>using now.
>>
>>the connection is still established, but the pings to the left machine from
>>right machine
>>get dropped by ipsec at the source machine.
>>
>>
>
> leftnexthop=10.1.12.146 # correct in many situations
> right=10.1.12.146 # Remote vitals
>
>Can you try commenting out leftnexthop and adding type=%direct ?
>(or add a "router" between the two machines for a proper test)
>
>Paul
>
>
--
Egor N. Martovetsky
More information about the Users
mailing list