[Openswan Users] IPSEC Pluto + Allow Unencrypted packets

shobhit shingla coolshobhit7 at gmail.com
Thu Jul 30 08:17:13 EDT 2009


I am using openswan in my network processor.

Problem is Network processor performs the decryption in fast path

So If the packet is for local IP, decrypted packet is injected into
Linux Stack.

But I think ipsec is rejecting the decrypted packet in my kernel.

this is my scenario
Network Processor

ipsec.conf on Network processor
leftIP =
leftSubnet =
rightIP =
 rightSubnet =
ike= 3des-sha1
auto = add
authby = secret

Tunnel is created successfuly

If i ping from say to ,all works fine

But when i ping to from any right subnet IP, ESP packet is
decrypted in fast path,so Linux stack will receive decrypted packet. But
somehow that packet is lost.

Is IPSEC rejecting unencrypted packet?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090730/f4fe28a5/attachment.html 

More information about the Users mailing list