[Openswan Users] IPsec packets sent on wrong interface with OpenVZ host
Paul Wouters
paul at xelerance.com
Thu Jun 19 10:51:11 EDT 2008
On Thu, 19 Jun 2008, Marcus Better wrote:
> Paul Wouters wrote:
>> This looks like you are using netkey. Can you run ipsec verify and see
>> if you have properly disabled sendinf redirects. Netkey can get confused
>> about interfaces sometimes.
>
> I hadn't, but now I have:
> NETKEY detected, testing for disabled ICMP send_redirects [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects [OK]
> However nothing changed even after restarting OpenSWAN.
Then I'm afraid you'll have to explain your situation to Herbert Xu, because
it looks like this is a NETKEY issue.
AFAIK, there is no NETKEY debugging that can be enabled, so this will be hard
to figure out.
Paul
More information about the Users
mailing list