[Openswan Users] auth=ah broken on 2.4.12 release?
austinxxh-ipsec at yahoo.com
austinxxh-ipsec at yahoo.com
Wed Sep 3 17:38:47 EDT 2008
PC1(192.168.1.21)-- --PC2(192.168.2.21)
| |
LEFT_GATEWAY --------------- RIGHT_GATEWAY
eth1 eth0 eth0 eth1
192.168.1.160 200.200.200.10 200.200.200.20 192.168.2.160
With default "auth=esp", I can set up the tunnel between two subnets(192.168.1.0/24, 192.168.2.0/24), and ping from PC1 to PC2.
If I switch "auth=esp" to "auth=ah" in ipsec.conf, all other settings stay the same, the AH+ESP tunnel is set up correctly, however, when I ping from PC1 to PC2, I can only observe "ICMP request" from PC1 all the way to RIGHT_GATEWAY when I run "tcpdump -i eth0" on LEFT_GATEWAY and RIGHT_GATEWAY, there is never an "ICMP reply" was seen on the wire.
Considering "auth=esp" works fine, and the only change I made is to change "esp" to "ah", does that mean "auth=ah" mode is not working under 2.4.12 release?
Thanks!
Xiao
More information about the Users
mailing list