[Openswan Users] No Traffic on the IPsec tunnel
ragothaman prasath
rkprasath at yahoo.com
Tue Apr 28 01:53:47 EDT 2009
Hi,
I have compiled openswan-2.6.20 for linux kerner-2.6.25.
The setup is as below:
192.168.2.0/24 <--> 10.1.4.212 <--> 10.1.5.62 <--> 192.168.3.0/24
I was able to establish the tunnel.
But when I ping, there was not traffic on the IPsec tunnel.
I checked the routes many time and it was correct.
The logs are as below:
ipsec_tunnel_start_xmit: STARTING<6>klips_debug:ipsec_xmit_strip_hard_header: >>> skb->len=84 hard_header_len:4 45:00:00:54
klips_debug: IP: ihl:20 ver:4 tos:0 tlen:84 id:0 DF frag_off:0 ttl:64 proto:1 (ICMP) chk:26667 saddr:10.1.4.212 daddr:192.168.3.1 type:code=8:0
klips_debug:ipsec_xmit_strip_hard_header: Original head,tailroom: 16,28
klips_debug:ipsec_findroute: 10.1.4.212:0->192.168.3.1:0 1
klips_debug:rj_match: * See if we match exactly as a host destination
klips_debug:rj_match: ** try to match a leaf, t=0pc380cb60
klips_debug:rj_match: *** start searching up the tree, t=0pc380cb60
klips_debug:rj_match: **** t=0pc380cb78
klips_debug:rj_match: **** t=0pc24de620
klips_debug:rj_match: ***** cp2=0pc0573848 cp3=0pc2af72f0
klips_debug:rj_match: ***** not found.
klips_debug:ipsec_xmit_SAlookup: checking for local udp/500 IKE packet saddr=a0104d4, er=0p00000000, daddr=c0a80301, er_dst=0, proto=1 sport=0 dport=0
klips_debug:ipsec_xmit_encap_bundle: shunt SA of DROP or no eroute: dropping.
klips_debug:ipsec_xsm: processing completed due to IPSEC_XMIT_STOLEN.
klips_debug:ipsec_tunnel_start_xmit: encap_bundle failed: 2
Thanks for the help in advance.
Regards,
Prasath RK.
More information about the Users
mailing list