[Openswan Users] Packets silently dropped on Tunnel

Gupta, Deepak (Deepak) deepak.dg.gupta at alcatel-lucent.com
Thu May 13 15:54:29 EDT 2010


 

Hello List,

I have the following setup:

Client is running openswan 2.6.14
Server is running openswan 2.6.14
Both boxes are running RHEL4 2.6.18-164
iptables-1.3.5

There are 3 to 4 tunnels up and running between the two.  The server has simple SNAT rules since its external interface has a physical and a virtual IP (left IP address), and all packets that are output from the server are SNATed to the virtual IP if the packet had a source IP of the physical IP.  The client has no firewall at all.

In this setup, I am sending a single ICMP ping every few seconds from the client to the server virtual IP and I notice that occasionally the pings fail.  Capturing this traffic shows that the ICMP echo request reached the server and the echo reply reached the client back; however, the client did not seem to register the reply.

It's the same behavior for the following configs:

On both the client and the server:
nat-traversal=yes
forceencaps=yes

On both the client and the server:

nat-traversal commented out
forceencaps commented out

Any pointers would be greatly appreciated.

Many thanks in advance,

-Deepak

