[Openswan Users] Encrypting Local Network: Host-to-Host connection

Paul Wouters paul at xelerance.com
Thu Jun 19 09:22:59 EDT 2008

On Thu, 19 Jun 2008, hiren joshi wrote:

> conn ab
> left=a.b.c.d
> right=a.b.c.e
> I observed that after connection establishment, the ARP request for the
> peer is sent to (00:00:00:00:00:01) instead of (ff:ff:ff:ff:ff:ff).
> The remote peer doesn't reply to the request. As a result peer is
> declared dead by the initiator after the specified interval.

Is this using netkey or klips?

> I tried with type=%direct (as mentioned in the openswan book by Paul),
> but with openswan-2.4.8, it results in error (ipsec_auto: fatal error in
> "htoh": unknown type "%direct").

Can you try openswan 2.4.12?

> Then I tried with leftnexthop=%direct, but observed the same ARP
> behavior.

Is there anything else that is different in your setup. This simple
setup should clearly work....


More information about the Users mailing list