[Openswan Users] Traffic not passing through established tunnels.

Sridhar Srinivasan ssridhar at barracuda.com
Fri Apr 3 09:33:06 EDT 2009


Hi All,

I created a site-to-site VPN using openswan 2.6.21 with netkey on two gateways.
There were multiple subnets on both ends and one connection for every subnet
pair. With around 30 connections between the same pair of gateways, some
tunnels were not getting established. They were stuck in QUICK_I1/QUICK_R1
state. So I was periodically checking the tunnels that were not established
and bringing them up (asynchronous) through a script. Now I see that all the
tunnels are getting established. But there are some tunnels on which the
traffic is not passing when I try to ping.

The ESP packet corresponding to ping is
06:54:51.759350 IP 104.1.1.1 > 101.1.1.1: ESP(spi=0x8eaac093,seq=0x3b), length 116

I am attaching the following outputs:
ipsec auto --status output for the tunnel on both gateways.
ip xfrm state and policy outputs on both the gateways.

Please let me know how to recover from this situation or if you need
any more information.

Thanks,
-Sridhar.


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: local_endpoint_ipsec.log
Url: http://lists.openswan.org/pipermail/users/attachments/20090403/e0c9e9ce/attachment-0006.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: local_endpoint_ip_xfrm_policy
Url: http://lists.openswan.org/pipermail/users/attachments/20090403/e0c9e9ce/attachment-0007.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: local_endpoint_ip_xfrm_state
Url: http://lists.openswan.org/pipermail/users/attachments/20090403/e0c9e9ce/attachment-0008.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: remote_endpoint_ipsec.log
Url: http://lists.openswan.org/pipermail/users/attachments/20090403/e0c9e9ce/attachment-0009.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: remote_endpoint_ip_xfrm_policy
Url: http://lists.openswan.org/pipermail/users/attachments/20090403/e0c9e9ce/attachment-0010.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: remote_endpoint_ip_xfrm_state
Url: http://lists.openswan.org/pipermail/users/attachments/20090403/e0c9e9ce/attachment-0011.pl 

