[Openswan Users] [Openswan dev] Help needed with Openswan

[Paul Wouters]

On Sat, 25 Jun 2011, Sumit Kala wrote:

> Date: Sat, 25 Jun 2011 11:09:43 +0530
> From: Sumit Kala <sumitk31 at gmail.com>
> To: dev at openswan.org
> Subject: [Openswan dev] Help needed with Openswan

> I have been trying to setup IPSEC encryption between two linux boxes.
> I have a server application which runs on Linux Box A
> and a client application which runs on Linux Box B.

This is more a question for users at openswan.org, not dev at openswan.org, so I've
changed the reply-to and sent the answer over to users@

> The client sends the data to server.
> I have captured wireshark logs at both server and client end.
> In the wireshark logs I can see that the Box B send ESP packets to the Box A.
> 
> But the server Application running at Box A is is not able to get any packets.
> 
> If I turn the policy off at Box B, Box B sends normal UDP data packets to Box A, but still the Server Application running at box A doesn't get any packets.( Expected
> behavior since policy at Box A enforces that all packets coming from Box B should be encrypted.)
> 
> If I turn the policy off at Box A and Box B both, the server application receives the unencrypted data which is also expected behavior.
> 
> But when the policy is turned on at both the boxes the encrypted packets reach the Box A but are not delivered to the server application.
> 
> If anyone has faced such issue please help me to debug this issue.

Please run "ipsec verify" and see if it tells you something.
Double check you're not NATing packets after they're encrypted.

If that doesnt solve things for you, consider posting an "ipsec barf" output to a pastebin and
mail the users list with a link to it so someone can have a look at your configuration.

Paul