[Openswan Users] Misdirected packets and setkey Invalid directions
Paul Wouters
paul at xelerance.com
Fri Oct 30 23:36:19 EDT 2009
On Fri, 30 Oct 2009, John A. Sullivan III wrote:
> Hello, all. Every once in a while, our monitoring system is throwing
> false outages for some of the devices on the other side of our OpenSWAN
Please do not use the spelling "OpenSWAN", since "swan" is a registered
trademark from some third party. The name is "Openswan" or "openswan".
> I ran a setkey -aPD just to see what it would tell me and I saw a number
> of these:
>
> (per-socket policy)
> Policy:[Invalid direciton]
Don't use setkey. Remove ipsec-tools. Use "ip xfrm state" and "ip xfrm policy"
instead.
> The last used times have a very loose but not definite correlation to
> the misdirected packets. What are these per-socket policies? Is it a
> problem that they say Invalid direciton (sic.)?
They might be "state" objects (versus policy objects)
Paul
More information about the Users
mailing list