[Openswan Users] Magically appearing xfrm rules

Iain Buchanan iainbuc at gmail.com
Fri Jul 18 03:06:27 EDT 2014


I'm using Openswan 2.6.37/K3.2.0-65-generic (netkey) and I'm having strange
issues where just UDP traffic occasionally stops going through an Openswan
IPSEC link.  I've also been having TCP connection drop-outs occurring that
I'm starting to suspect are also due to ip xfrm policy rules appearing (yet
to catch it in the act though).

If I do "ip xfrm policy" when UDP stops working I can see rules appearing
that explicitly drop the UDP traffic between the two hosts.  Removing these
rules fixes the issue.

This may not be an Openswan issue at all, but does anyone have any idea why
this would occur?  I'm having great difficulty finding any documentation
around who changes this table, why and when!
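
The check described above (listing "ip xfrm policy" and looking for rules that drop traffic), as an added example that is not part of the original post. The function names, the "--watch" argument and the sample addresses are constructed for illustration, and the output layout assumed for `ip xfrm policy` is stated in the comments.

```shell
#!/bin/sh
# Added example: flag IPsec policies whose action is "block".
# Assumption: `ip xfrm policy` prints an unindented "src ... dst ..." selector
# line per policy, then an indented "dir <in|out|fwd> ..." line that contains
# "action block" only when the policy drops traffic (allow is not printed).

# Reads `ip xfrm policy` output on stdin; prints "<dir> <selector>" per block policy.
find_block_policies() {
    awk '
        $1 == "src" { $1 = $1; selector = $0; next }   # normalise whitespace
        $1 == "dir" {
            for (i = 3; i < NF; i++)
                if ($i == "action" && $(i + 1) == "block")
                    print $2, selector
        }
    '
}

# Constructed sample (documentation addresses): one tunnel policy, two UDP block policies.
sample_policy_dump() {
    cat <<'EOF'
src 192.0.2.10/32 dst 198.51.100.20/32 
	dir out priority 2080 ptype main 
	tmpl src 192.0.2.10 dst 198.51.100.20
		proto esp reqid 16385 mode tunnel
src 192.0.2.10/32 dst 198.51.100.20/32 proto udp 
	dir out action block priority 0 ptype main 
src 198.51.100.20/32 dst 192.0.2.10/32 proto udp 
	dir in action block priority 0 ptype main 
EOF
}

# Hypothetical "--watch" mode (needs root): poll and timestamp any block policy.
if [ "${1:-}" = "--watch" ]; then
    while sleep 5; do
        ip xfrm policy | find_block_policies | while read -r line; do
            echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) block policy: $line"
        done
    done
fi
```

On a live host, `ip xfrm policy | find_block_policies` gives the same report, and `ip xfrm monitor` prints policy changes as they happen.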
