[Openswan Users] Traffic not passing through established tunnels.

Paul Wouters paul at xelerance.com
Mon Apr 6 21:21:14 EDT 2009


On Fri, 3 Apr 2009, Sridhar Srinivasan wrote:

>
> I created site-to-site vpn using openswan 2.6.21 with netkey on two gateways.
> There were multiple subnets on both ends and one connection for every subnet
> pair. With around 30 connections between the same pair of gateways, some
> tunnels were not getting established. They were stuck in QUICK_I1/QUICK_R1
> state.

That's not good. Did you have these problems with older versions too? Or is
this a new deployment?

> So I was periodically checking the tunnels that were not established and
> bringing them up (asynchronously) through a script. Now I see that all the
> tunnels are getting established. But there are some tunnels on which the
> traffic is not passing when I try to ping.
>
> The esp packet corresponding to ping is
> 06:54:51.759350 IP 104.1.1.1 > 101.1.1.1: ESP(spi=0x8eaac093,seq=0x3b),

Your cure might have caused this problem. The ip xfrm output looked okay though.
But you'd have to check the state of the tunnel on the other endpoint too. It
might not agree with this one.

Paul
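
Added example, not part of the original message and not Openswan code: one way to do the cross-check suggested above is to save the `ip xfrm state` output from each gateway and compare the ESP SAs they hold. The sample outputs below are constructed; only the two addresses and the SPI 0x8eaac093 come from the post, and the function names are hypothetical.

```python
import re

# Constructed `ip xfrm state` excerpt from the local gateway (104.1.1.1).
# Only the addresses and SPI 0x8eaac093 appear in the post; the rest is made up.
LOCAL = """\
src 104.1.1.1 dst 101.1.1.1
    proto esp spi 0x8eaac093 reqid 16385 mode tunnel
src 101.1.1.1 dst 104.1.1.1
    proto esp spi 0x1b2c3d4e reqid 16385 mode tunnel
"""

# Constructed excerpt from the peer (101.1.1.1): it holds a different SPI
# for the 104.1.1.1 -> 101.1.1.1 direction, e.g. after a re-initiated Quick Mode.
REMOTE = """\
src 104.1.1.1 dst 101.1.1.1
    proto esp spi 0x5f6a7b8c reqid 16389 mode tunnel
src 101.1.1.1 dst 104.1.1.1
    proto esp spi 0x1b2c3d4e reqid 16389 mode tunnel
"""

HEAD = re.compile(r"^src (\S+) dst (\S+)")
PROTO = re.compile(r"^\s+proto (\S+) spi (0x[0-9a-fA-F]+)")

def parse_sas(text):
    """Return the set of (src, dst, proto, spi) tuples found in the output."""
    sas, current = set(), None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            current = m.groups()          # start of a new SA entry
            continue
        m = PROTO.match(line)
        if m and current:
            sas.add(current + (m.group(1), int(m.group(2), 16)))
            current = None
    return sas

def compare(local_text, remote_text):
    """SAs known to only one gateway; the peer cannot decrypt traffic on them."""
    local, remote = parse_sas(local_text), parse_sas(remote_text)
    return sorted(local - remote), sorted(remote - local)

if __name__ == "__main__":
    only_local, only_remote = compare(LOCAL, REMOTE)
    for tag, sas in (("local only", only_local), ("remote only", only_remote)):
        for src, dst, proto, spi in sas:
            print(f"{tag}: {proto} {src} -> {dst} spi=0x{spi:08x}")
```

An SA listed as "local only" for the outbound direction means this gateway is sending ESP with an SPI the peer has no state for, which matches the symptom of an established tunnel that passes no traffic.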

