[Openswan Users] Cannot get packets to pass

Scott Weis kb2ear at kb2ear.net
Thu Feb 12 14:25:21 EST 2009

Downgrading to 2.4.13 fixed the problem.


-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Ruben Laban
Sent: Thursday, February 12, 2009 2:53 AM
To: users at openswan.org
Subject: Re: [Openswan Users] Cannot get packets to pass

On Wednesday 11 February 2009 at 19:42 (CET), Scott Weis wrote:
> Hi,
> I have been beating my head against the wall for the last 24 hours trying
> to get a tunnel up between my Openswan Linux box and my Astaro firewall.
> Both ends show the tunnel as being up.
> If I do a tcpdump on ipsec0 on the Linux box I can see packets coming from
> the Astaro box to my local network. I also see replies from my network.
> If I do a tcpdump on the Astaro I see packet going to my network but never
> anything back.
> Running openswan 2.6.20
> Any ideas???

This seems to be yet another case of : 

This bug seems to hit more and more people every day now.

In short: with openswan 2.6.x + klips + recent kernel, decryption works, 
encryption doesn't.

For the workarounds are downgrade either kernel (not sure how far exactly),
downgrade openswan to 2.4.13.


Ruben Laban
Systems and Network Administrator
ISM eCompany
Users at openswan.org
Building and Integrating Virtual Private Networks with Openswan: 

More information about the Users mailing list