[Openswan Users] ping packets are not encapsulated with ESP
Paul Wouters
paul at xelerance.com
Tue Apr 26 12:17:59 EDT 2011
On Mon, 25 Apr 2011, Jayasri Sangu wrote:
> Date: Mon, 25 Apr 2011 15:11:38 -0700
> From: Jayasri Sangu <JayasriS at aaesys.com>
> To: "users at openswan.org" <users at openswan.org>
> Subject: [Openswan Users] ping packets are not encapsulated with ESP
> I am using openswan-2.6.33 on embedded linux with powerpc processor.
> I was able to establish the tunnel between the gateway A and gateway B.
> But the packets are not encapsulated for both host-to-host and
> net-to-net.
> my ipsec.conf file
You are missing the entire "config setup" section?
Try adding:

config setup
    protostack=klips
    interfaces="ipsec0=eth0"

> 000 using kernel interface: mast
You are using mast, not klips. Add the lines above to fix that.
> 000 #2: "net-to-net":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
> EVENT_SA_REPLACE in 26811s; newest IPSEC; eroute ow
>
> 000 #2: "net-to-net" esp.dd4d92c8 at 10.0.1.181 esp.d7ff7f2 at 10.0.1.171
> tun.1001 at 10.0.1.181 tun.1002 at 10.0.1.171 ref=3 refhim=1
>
> 000 #1: "net-to-net":500 STATE_MAIN_I4 (ISAKMP SA established);
> EVENT_SA_REPLACE in 2130s; newest ISAKMP; lastdpd=-1s(seq in:
Note only net-net was up, so you need to test using a source IP
of your subnet, which might not be the IP picked by ping if you
don't specify -I. (See leftsourceip= in the man page.)
Paul
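
The two checks discussed in this reply (which kernel stack pluto is using, and which connections actually have an IPsec SA) can be scripted against `ipsec auto --status` output. This is an added example, not part of the original message or of Openswan; the function names are hypothetical and the sample input is constructed from the status lines quoted in the thread.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not Openswan's.

# Constructed sample: the status lines quoted in this thread, re-joined
# onto single lines (truncated tails kept as they appear in the mail).
sample_status() {
cat <<'EOF'
000 using kernel interface: mast
000 #2: "net-to-net":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26811s; newest IPSEC; eroute ow
000 #1: "net-to-net":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2130s; newest ISAKMP; lastdpd=-1s(seq in:
EOF
}

# Print the stack named on the "using kernel interface" line.
kernel_stack() {
    awk '/using kernel interface:/ { print $NF; exit }'
}

# Print each connection name that has a phase-2 (IPsec) SA, once.
ipsec_sa_conns() {
    awk -F'"' '/IPsec SA established/ && !seen[$2]++ { print $2 }'
}

# check_status WANT_STACK WANT_CONN  (status text on stdin)
# Returns 0 only if the stack matches and WANT_CONN has an IPsec SA.
check_status() {
    want_stack=$1 want_conn=$2 rc=0
    status=$(cat)
    stack=$(printf '%s\n' "$status" | kernel_stack)
    if [ "$stack" != "$want_stack" ]; then
        echo "kernel interface is '$stack', expected '$want_stack' (see protostack= in config setup)"
        rc=1
    fi
    if ! printf '%s\n' "$status" | ipsec_sa_conns | grep -qx -- "$want_conn"; then
        echo "no IPsec SA established for '$want_conn'"
        rc=1
    fi
    return "$rc"
}

# On a gateway: ipsec auto --status | check_status klips net-to-net
sample_status | check_status klips net-to-net || true
```

An established net-to-net SA only covers traffic between the two subnets, so the ping test still has to use a source address inside the local subnet (ping -I), as noted above.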