[Openswan Users] IPsec packets sent on wrong interface with OpenVZ host

Marcus Better marcus at better.se
Thu Jun 19 10:17:42 EDT 2008


Paul Wouters wrote:
> This looks like you are using netkey. Can you run ipsec verify and see
> if you have properly disabled sending redirects. Netkey can get confused
> about interfaces sometimes.

I hadn't, but now I have:

~# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.12/K2.6.24-quartic (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

However, nothing changed even after restarting OpenSWAN.

Cheers,

Marcus
