[Openswan Users] Questions regarding firewall and routing accommodations for openswan 2.6.28
neal.p.murphy at alum.wpi.edu
Fri Sep 17 02:35:14 EDT 2010
On Thursday 16 September 2010 13:32:43 Neal Murphy wrote:
> I've just set 'protostack=klips' and, Hairy Thunderer be praised, it works!
> Traffic passes both directions! That was the clue I needed. Cosmic Muffin
> was just toying with me all these weeks. Now I can move on with the
Another small detail. The permission on /proc/net/ipsec/eroute/all is 400 now;
it used to be 444. Chmod fixes it, but it's still an inconsistency when
compared to an older version (like 2.4.15).
An oddity I saw *once* was that the /proc/net/ipsec/... tree was hosed up at
one time. The name of the eroute dir was garbled, and permissions are way
off: files were 400 and dirs were 555. I only saw this once, and possibly as
a result of switching between mast and klips. IIRC, an rmmod/insmod cycle of
ipsec cleared it up.
More information about the Users