[Openswan Users] Questions regarding firewall and routing accommodations for openswan 2.6.28

Neal Murphy neal.p.murphy at alum.wpi.edu
Fri Sep 17 02:35:14 EDT 2010

On Thursday 16 September 2010 13:32:43 Neal Murphy wrote:
> I've just set 'protostack=klips' and, Hairy Thunderer be praised, it works!
> Traffic passes both directions! That was the clue I needed. Cosmic Muffin
> was just toying with me all these weeks. Now I can move on with the
> project.

Another small detail. The permission on /proc/net/ipsec/eroute/all is 400 now; 
it used to be 444. Chmod fixes it, but it's still an inconsistency when 
compared to an older version (like 2.4.15).

An oddity I saw *once* was that the /proc/net/ipsec/... tree was hosed up at 
one time. The name of the eroute dir was garbled, and permissions are way 
off: files were 400 and dirs were 555. I only saw this once, and possibly as 
a result of switching between mast and klips. IIRC, an rmmod/insmod cycle of 
ipsec cleared it up.


More information about the Users mailing list