[Openswan Users] Local esp packets are dropped on ipsec device when marking packets in OUTPUT chain
Wolfgang Nothdurft
wolfgang at linogate.de
Thu Apr 22 05:56:12 EDT 2010
Since I use policy based routing with fwmark and ip rules, I have a
problem with dropped esp packets on the ipsec device.
When marking packets in the output chain like
iptables -t mangle -A OUTPUT -j MARK --or-mark 0x1
the esp packets are rerouted due to the mark change and appear on the
ipsec device, where they are dropped with the following error:
klips_debug:ipsec_xmit_encap_bundle: shunt SA of DROP or no eroute: dropping.
I'm wondering if nobody else has this problem or if no one has a similar
setup.
I have reported the bug including a patch at
https://gsoc.xelerance.com/issues/1095
Wolfgang