[Openswan Users] IPsec packets sent on wrong interface with OpenVZ host

Paul Wouters paul at xelerance.com
Thu Jun 19 10:51:11 EDT 2008

On Thu, 19 Jun 2008, Marcus Better wrote:

> Paul Wouters wrote:
>> This looks like you are using netkey. Can you run ipsec verify and see
>> if you have properly disabled sendinf redirects. Netkey can get confused
>> about interfaces sometimes.
> I hadn't, but now I have:

> NETKEY detected, testing for disabled ICMP send_redirects       [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects     [OK]

> However nothing changed even after restarting OpenSWAN.

Then I'm afraid you'll have to explain your situation to Herbert Xu, because
it looks like this is a NETKEY issue.

AFAIK, there is no NETKEY debugging that can be enabled, so this will be hard
to figure out.


More information about the Users mailing list