[Openswan Users] but no connection has been authorized with policy=PSK

Paul Wouters paul at xelerance.com
Tue Apr 12 14:57:39 EDT 2011


On Tue, 12 Apr 2011, Neal Murphy wrote:

> I believe there's another cause for such one-way traffic (though it may not be
> related to Thomas' trouble). I encountered the same thing when moving from
> 2.4.15 to 2.6.2x: one way traffic even though all *looked* OK. Paul said to
> add 'protostack=klips', despite it being the default and despite OpenSwan
> saying it was doing just that. I did. The problem vanished.

Note the default of the stack autopick (not specifying protostack=) is:

1) NETKEY
2) MAST
3) KLIPS

Some people were seeing some unexpected issues when they got mast instead of
klips, perhaps because of iptables rules using ipsecX instead of mastX.

Note that early 2.6.x versions (before 2.6.31 or so?) did not auto-pick MAST
ever.

Paul
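
Added example, not part of the original post and not Openswan code: a Python check that reads `protostack=` from `config setup` and flags `iptables-save` rules matching on ipsecX or mastX devices that the selected stack would not provide. The sample config, sample rules and function names are constructed for illustration; the stack-to-device mapping is an assumption based on the message above.

```python
import re

# Constructed sample inputs for illustration (not taken from the thread).
SAMPLE_CONF = """\
config setup
    # protostack=klips
    nat_traversal=yes
conn office
    authby=secret
"""
SAMPLE_RULES = """\
*filter
-A INPUT -i ipsec0 -j ACCEPT
-A FORWARD -i eth0 -o mast0 -j ACCEPT
COMMIT
"""
# Assumed device prefix per stack: KLIPS ipsecX, MAST mastX, NETKEY none.
STACK_IFACE = {"klips": "ipsec", "mast": "mast", "netkey": None}

def configured_protostack(conf_text):
    """Return the protostack= value under 'config setup', or None if unset."""
    in_setup = False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line:
            continue
        if not line[0].isspace():              # unindented line starts a section
            in_setup = line.split() == ["config", "setup"]
        elif in_setup:
            m = re.match(r"\s+protostack\s*=\s*(\S+)", line)
            if m:
                return m.group(1).lower()
    return None

def audit(conf_text, rules_text):
    """List iptables-save rules whose -i/-o device may not exist for the stack."""
    stack = configured_protostack(conf_text)
    pinned = stack in STACK_IFACE              # unset or 'auto' means autopick
    findings = [] if pinned else ["protostack not pinned; autopick order is NETKEY, MAST, KLIPS"]
    for rule in rules_text.splitlines():
        for dev in re.findall(r"-[io]\s+((?:ipsec|mast)\d*\+?)(?=\s|$)", rule):
            prefix = re.match(r"[a-z]+", dev).group(0)
            if not pinned:
                findings.append(f"{dev}: depends on which stack is autopicked")
            elif STACK_IFACE[stack] != prefix:
                findings.append(f"{dev}: not provided by protostack={stack}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_RULES):
        print(finding)
```
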

