[Openswan Users] IPsec packets sent on wrong interface with OpenVZ host
marcus at better.se
Thu Jun 19 10:17:42 EDT 2008
Paul Wouters wrote:
> This looks like you are using netkey. Can you run ipsec verify and see
> if you have properly disabled sendinf redirects. Netkey can get confused
> about interfaces sometimes.
I hadn't, but now I have:
~# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.12/K2.6.24-quartic (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
However nothing changed even after restarting OpenSWAN.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.openswan.org/pipermail/users/attachments/20080619/37d12450/attachment-0001.bin
More information about the Users