[Openswan Users] build openswan 2.6.26 rpm with klips kernel module

Steve Zeng SteveZ at airg.com
Sat May 29 00:51:19 EDT 2010


I made 4 separate conns and the problem remains the same. I am using openswan 2.6.24. Do I need to upgrade to 2.6.26?

Running "ipsec auto --status" always gives me the warning below. Does it matter?

000 WARNING: Either virtual_private= was not specified, or there was a syntax
000          error in that line. 'left/rightsubnet=%priv' will not work!

I tailed /var/log/secure and got the following errors for each connection:

received Delete SA payload: replace IPSEC State #193 in 10 seconds
ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x266e18d4) not found (our SPI - bogus implementation)
received Delete SA payload: replace IPSEC State #194 in 10 seconds
ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x69af8a35) not found (our SPI - bogus implementation)

Steve

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: May 28, 2010 5:38 PM
To: Steve Zeng
Cc: mhw at wittsend.com; Users at openswan.org
Subject: Re: [Openswan Users] build openswan 2.6.26 rpm with klips kernel module

On Fri, 28 May 2010, Steve Zeng wrote:

> The problem with this config is that ping between 169.254.255.2 and 169.254.255.1 gets about 50% loss. The good thing is, I am able to ping from my network (192.168.1.0/24) to Amazon VPC (10.0.0.0/24), with 50% packet loss as well.
>
> If I replace leftsubnets= and rightsubnets= with the following configs:
>
> #        leftsubnets=    {169.254.255.2/30,192.168.1.0/24}
> #        rightsubnets=   {169.254.255.1/30,10.0.0.0/24}
>       leftsubnet=    169.254.255.2/30
>       rightsubnet=   169.254.255.1/30
>
> the ping test between 169.254.255.2 and 169.254.255.1 is 100% successful. BGP still works. But I lose the ability to ping from my network (192.168.1.0/24) to Amazon VPC (10.0.0.0/24). It is a puzzle to me.

Odd. I guess you can try making 4 separate conns with all combinations of left/right and
see how that works.

Paul
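
The "4 separate conns with all combinations of left/right" suggested above, as an added example that is not part of the original thread: a small generator that pairs every left subnet with every right subnet and emits one ipsec.conf stanza per pair. It generalizes to any number of subnets; the conn names and the shared "vpc-base" conn (assumed to hold left=, right= and the authentication settings via also=) are hypothetical, and only the subnet values come from the thread.

```python
import ipaddress
from itertools import product


def expand_conns(base, leftsubnets, rightsubnets):
    """Pair every left subnet with every right subnet.

    Returns a list of (conn_name, leftsubnet, rightsubnet, overlaps).
    """
    conns = []
    pairs = product(enumerate(leftsubnets, 1), enumerate(rightsubnets, 1))
    for (i, left), (j, right) in pairs:
        # strict=False because the thread writes host addresses with a
        # prefix length (169.254.255.2/30) rather than network addresses.
        lnet = ipaddress.ip_network(left, strict=False)
        rnet = ipaddress.ip_network(right, strict=False)
        conns.append((f"{base}-l{i}r{j}", left, right, lnet.overlaps(rnet)))
    return conns


def render(base, conns):
    """Render ipsec.conf stanzas that inherit shared settings via also=."""
    lines = []
    for name, left, right, overlaps in conns:
        if overlaps:
            # Emitted as a comment line ahead of the stanza it refers to.
            lines.append(f"# {name}: left and right subnets overlap")
        lines += [
            f"conn {name}",
            f"\talso={base}",
            f"\tleftsubnet={left}",
            f"\trightsubnet={right}",
            "",
        ]
    return "\n".join(lines)


# Subnet values as quoted in the thread; "vpc-base" is a hypothetical conn
# holding left=, right= and the authentication settings.
LEFT = ["169.254.255.2/30", "192.168.1.0/24"]
RIGHT = ["169.254.255.1/30", "10.0.0.0/24"]

if __name__ == "__main__":
    print(render("vpc-base", expand_conns("vpc-base", LEFT, RIGHT)))
```

The overlap flag is raised only for the pairing of the two /30 values, which both normalize to 169.254.255.0/30.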

