[Openswan Users] Weird tunnel issue

Jason J. W. Williams jasonjwwilliams at gmail.com
Thu Oct 23 12:50:23 EDT 2014


The second file is what's included. Have not tried using iptables. Is "ipsec auto --down" not sufficient?

-J

Sent via iPhone

> On Oct 23, 2014, at 9:28, "Peter McGill" <petermcgill at goco.net> wrote:
> 
> Well your ipsec.conf includes files in /etc/ipsec.conf.d which you haven't
> shown us, so we can't actually examine your configuration.
> 
> However, have you tried restarting and disabling the firewall (iptables
> rules) to see if that fixes the problem.
> 
> Peter McGill
> 519-284-3420 x204
> 
> -----Original Message-----
> Date: Wed, 22 Oct 2014 14:00:11 -0700
> From: "Jason J. W. Williams" <jasonjwwilliams at gmail.com>
> To: users at lists.openswan.org
> Subject: [Openswan Users] Weird tunnel issue
> Message-ID:
>    <CAHZAEpceRYd-EBco6_yPw=G9p88aCvY3ZeAb3Q+saqbaGo6VCg at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
> 
> Hi,
> 
> We've had a weird issue where the tunnel had been up for several days
> and then suddenly refused to route packets over the tunnel (couldn't
> ping). The tunnel according to "ipsec auto --status" was up. The other
> side is a Fortigate 200B and it also agreed the tunnel was up. But it
> refused to send traffic over the tunnel. Tried toggling the tunnel
> down and then up from both ends, and while the tunnel re-established
> still couldn't route. Only thing that corrected it was rebooting the
> box running the OpenSWAN client.
> 
> Client is an Ubuntu 14.04.1 x64 box:
> # ipsec --version
> Linux Openswan U2.6.38/K3.13.0-37-generic (netkey)
> 
> ipsec.conf: https://gist.github.com/williamsjj/4dc00138e62697aec602
> tunnel config: https://gist.github.com/williamsjj/910adcc5a071fc130b30
> 
> Any help is greatly appreciated.
> 
> -J
> 


More information about the Users mailing list