[Openswan Users] Misdirected packets and setkey Invalid directions
John A. Sullivan III
jsullivan at opensourcedevel.com
Fri Oct 30 18:47:04 EDT 2009
Hello, all. Every once in a while, our monitoring system is throwing
false outages for some of the devices on the other side of our OpenSWAN
tunnels. I can see from the logs that the system is misdirecting
packets destined for the tunnel to the Internet on these rare occasions.
I ran a setkey -aPD just to see what it would tell me and I saw a number
of these:
(per-socket policy)
Policy:[Invalid direciton]
created: Oct 24 21:46:41 2009 lastused: Oct 30 18:22:24 2009
lifetime: 0(s) validtime: 0(s)
spid=300 seq=47 pid=22134
refcnt=1
(per-socket policy)
Policy:[Invalid direciton]
created: Oct 24 21:46:41 2009 lastused: Oct 30 18:22:24 2009
lifetime: 0(s) validtime: 0(s)
spid=291 seq=48 pid=22134
refcnt=1
(per-socket policy)
Policy:[Invalid direciton]
created: Oct 24 21:46:41 2009 lastused:
lifetime: 0(s) validtime: 0(s)
spid=284 seq=49 pid=22134
refcnt=1
(per-socket policy)
Policy:[Invalid direciton]
created: Oct 24 21:46:41 2009 lastused:
lifetime: 0(s) validtime: 0(s)
spid=275 seq=50 pid=22134
refcnt=1
The last used times have a very loose but not definite correlation to
the misdirected packets. What are these per-socket policies? Is it a
problem that they say Invalid direciton (sic.)?
Would there be any correlation to these misdirected packets or is that
just normal behavior if the monitoring system happened to send a packet
just when the tunnel was being renegotiated?
I'm running kernel 2.6.30.5 with openswan-2.6.21-5.el5 on CentOS 5.4.
Thanks - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
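Added example, not part of the original post: one way to test the loose correlation described above is to parse the per-socket policy entries from `setkey -aPD` output and compare each `lastused` time against the timestamps of the misdirected packets. The sample output and the event timestamps below are constructed, and the 60-second window and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the setkey -aPD entries quoted in the post.
SAMPLE = """\
(per-socket policy)
Policy:[Invalid direciton]
created: Oct 24 21:46:41 2009 lastused: Oct 30 18:22:24 2009
lifetime: 0(s) validtime: 0(s)
spid=300 seq=47 pid=22134
refcnt=1
(per-socket policy)
Policy:[Invalid direciton]
created: Oct 24 21:46:41 2009 lastused:
lifetime: 0(s) validtime: 0(s)
spid=284 seq=49 pid=22134
refcnt=1
"""

TS = "%b %d %H:%M:%S %Y"
DATE = r"\w{3} +\d+ [\d:]+ \d{4}"
ENTRY = re.compile(
    r"^[ \t]*\(per-socket policy\)[ \t]*\n"
    r"[ \t]*Policy:\[(?P<label>[^\]]*)\][ \t]*\n"
    rf"[ \t]*created: (?P<created>{DATE})\s+lastused:[ \t]*(?P<lastused>[^\n]*)\n"
    r"(?:.*\n)*?"
    r"[ \t]*spid=(?P<spid>\d+) seq=(?P<seq>\d+) pid=(?P<pid>\d+)",
    re.M)

def parse_socket_policies(text):
    """Return one dict per per-socket policy entry; an empty lastused becomes None."""
    policies = []
    for m in ENTRY.finditer(text):
        used = m["lastused"].strip()
        policies.append({
            "spid": int(m["spid"]), "pid": int(m["pid"]), "label": m["label"],
            "created": datetime.strptime(m["created"], TS),
            "lastused": datetime.strptime(used, TS) if used else None,
        })
    return policies

def correlate(policies, events, window=timedelta(seconds=60)):
    """Pair each event time with the spids whose lastused lies within the window."""
    return [(ev, [p["spid"] for p in policies
                  if p["lastused"] and abs(p["lastused"] - ev) <= window])
            for ev in events]

if __name__ == "__main__":
    # Constructed timestamps standing in for misdirected-packet log entries.
    events = [datetime(2009, 10, 30, 18, 22, 50), datetime(2009, 10, 29, 3, 0, 0)]
    for ev, spids in correlate(parse_socket_policies(SAMPLE), events):
        print(ev.isoformat(), "near socket-policy use:", spids or "none")
```

Because `lastused` holds only the most recent use, the output has to be captured repeatedly (for example from cron) to build a history worth correlating.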