[Openswan Users] Trying to find why ipsec0 tx dropped occurs
Paul Wouters
paul at xelerance.com
Fri Jun 11 10:11:17 EDT 2010
On Fri, 11 Jun 2010, Mike C wrote:
> # ping 192.168.25.254
> PING 192.168.25.254 (192.168.25.254): 56 data bytes
> ping: sendto: Invalid argument
firewall rule?
> I get these same messages regardless of what machine it is initiated
> on in the 192.168.18.0/24 network. What is causing the packets to be
> dropped, and more importantly what needs to be changed?
>
> The machine is linux 2.6.32-9, with uClibc and busybox. Perl isn't
> installed so ipsec verify isn't working.
Usually, NAT'ing ipsec packets causes symptoms like these.
> Jun 11 09:14:20 testbox user.warn pluto[2204]: "tun1" #5: up-client
> output: //lib/ipsec/_updown.klips: changesource `ip route change
> 192.168.25.0/24 dev ipsec0 src 192.168.18.254' failed (RTNETLINK
> answers: No such file or directory)
You have a leftsourceip= that's outside of leftsubnet= ?
> 94.11.24.57:500 but no connection has been authorized with policy=PSK
This suggests your tunnel is not up?
> Jun 11 09:14:15 testbox user.warn pluto[2204]: time moved backwards 8 seconds
That could also temporarily cause problems.
> + _________________________ iptables
> +
> + test -r /sbin/iptables
> [output removed]
> Packets are definitely being accepted by firewall
But are they NAT'ed by mistake too?
Paul
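
One way to answer the "NAT'ed by mistake" question offline, as an added example that is not part of the original message: walk the nat table's POSTROUTING rules in order and report the first one that would rewrite tunnel traffic before any exemption matches. The rule text is constructed, the subnets and `ipsec0` come from the log lines quoted above, the function names are hypothetical, and only plain `-s`/`-d`/`-o` matches in the `! -d` negation form are considered (assuming KLIPS routes the cleartext packet out `ipsec0`).

```python
import ipaddress
import shlex

# Constructed sample in `iptables-save -t nat` format (not output from the thread).
SAMPLE_NAT_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.18.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.18.0/24 -j MASQUERADE
COMMIT
"""
NAT_TARGETS = {"MASQUERADE", "SNAT", "NETMAP"}
EXEMPT_TARGETS = {"ACCEPT", "RETURN"}

def parse_rule(line):
    """Return the -s/-d/-o/-j fields of a '-A POSTROUTING' line, else None."""
    tokens = shlex.split(line)
    if tokens[:2] != ["-A", "POSTROUTING"]:
        return None
    rule, negate, i = {"line": line.strip()}, False, 2
    while i < len(tokens):
        if tokens[i] == "!":
            negate = True                      # applies to the next option only
        elif tokens[i] in ("-s", "-d", "-o", "-j") and i + 1 < len(tokens):
            rule[tokens[i]] = (tokens[i + 1], negate)
            negate, i = False, i + 1
        else:
            negate = False
        i += 1
    return rule

def net_matches(field, subnet):
    """True if traffic for `subnet` can match an -s/-d field (None = any)."""
    if field is None:
        return True
    net = ipaddress.ip_network(field[0], strict=False)
    return not subnet.subnet_of(net) if field[1] else subnet.overlaps(net)

def first_nat_hit(rules_text, local, remote, out_iface="ipsec0"):
    """First rule that NATs local->remote traffic; None if exempted or unmatched."""
    local, remote = ipaddress.ip_network(local), ipaddress.ip_network(remote)
    for rule in filter(None, map(parse_rule, rules_text.splitlines())):
        iface = rule.get("-o")
        if iface and (iface[0] == out_iface) == iface[1]:
            continue                           # rule is bound to another interface
        if not (net_matches(rule.get("-s"), local) and net_matches(rule.get("-d"), remote)):
            continue
        target = rule.get("-j", ("", False))[0]
        if target in EXEMPT_TARGETS:
            return None                        # exemption wins, traffic is not NAT'ed
        if target in NAT_TARGETS:
            return rule["line"]
    return None
```

On a live gateway the same function can be fed the saved nat table instead of the constructed sample.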