[Openswan Users] openswan tunnel and transport conflict?
Patrick Naubert
patrickn at xelerance.com
Wed Jan 6 12:27:12 EST 2016
Rescued from the spam bucket. Please remember to subscribe to the mailing list before posting to it.
Sorry for the delay, I was on vacation.
From: Julien T <julien.t43 at gmail.com>
Subject: openswan tunnel and transport conflict?
Date: December 28, 2015 at 10:20:08 PM EST
To: users at lists.openswan.org
Hello,
I'm trying to set up an IPsec tunnel between a Linux box and an operator modem.
Linux is Ubuntu trusty based with openswan; no iptables currently.
Operator box is proprietary, ipsec only (no xl2tpd)
I started doing my setup with the following ansible role
https://github.com/ahelal/ansible-l2tp_ipsec
I customized it to operate as tunnel mode without l2tp part.
The tunnel established correctly (got the 'STATE_QUICK_R2: IPsec SA established tunnel mode') and sometimes it works/pings fine... but most of the time it seems there is a routing issue.
Why?
Because I see packets coming one way with tcpdump but not leaving the Linux box.
also 'ip xfrm policy' returns both tunnel and transport link for one src-dst couple...
+ ip xfrm policy
src 10.x.y.0/24 dst 192.168.z.0/24
dir out priority 2344
tmpl src a.b.c.202 dst e.f.g.12
proto comp reqid 16386 mode tunnel
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 16385 mode transport
src 192.168.z.0/24 dst 10.x.y.0/24
dir fwd priority 2344
tmpl src e.f.g.12 dst a.b.c.202
proto comp reqid 16386 mode tunnel
level use
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 16385 mode transport
See config and some extra output here
http://pastebin.com/UkwP9ery
linux also has an openvpn server but it is not supposed to impact ip xfrm policy.
I'm positive that I was using the same config at some moment it was working.
I don't know what else outside of openswan can affect ip xfrm
I also tried to remove manually this policy but don't find the right command
# ip xfrm policy delete tmpl in src 0.0.0.0/0 dst 0.0.0.0/0
Error: argument "tmpl" is wrong: unknown
# ip xfrm policy delete dir in src 0.0.0.0/0 dst 0.0.0.0/0
RTNETLINK answers: No such file or directory
Any pointers?
Thanks
J
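The symptom Julien describes, one `ip xfrm policy` entry carrying both a tunnel-mode and a transport-mode template for the same src/dst selector, is easy to miss by eye in a long policy dump. The following is an added diagnostic example, not code from the post, from Openswan or from the ansible role: it parses the `ip xfrm policy` output format quoted above and flags every policy whose template list mixes modes. The embedded sample output is constructed for the example (RFC 5737 documentation addresses stand in for the masked `a.b.c.202` / `e.f.g.12` and the private prefixes); on a real host, pipe `ip xfrm policy` into the script instead.

```python
"""Parse `ip xfrm policy` output and flag policies whose template list mixes
tunnel and transport mode for one src/dst selector (added example)."""
import re
import sys
from dataclasses import dataclass, field
from typing import List, Set

# Constructed sample, modelled on the output quoted in the mailing-list post.
# 203.0.113.202 / 198.51.100.12 stand in for the masked gateway addresses.
SAMPLE_OUTPUT = """\
src 10.1.2.0/24 dst 192.168.3.0/24
    dir out priority 2344
    tmpl src 203.0.113.202 dst 198.51.100.12
        proto comp reqid 16386 mode tunnel
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 16385 mode transport
src 192.168.3.0/24 dst 10.1.2.0/24
    dir fwd priority 2344
    tmpl src 198.51.100.12 dst 203.0.113.202
        proto comp reqid 16386 mode tunnel
        level use
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 16385 mode transport
src 192.168.3.0/24 dst 10.1.2.0/24
    dir in priority 2344
    tmpl src 198.51.100.12 dst 203.0.113.202
        proto esp reqid 16385 mode tunnel
"""


@dataclass
class Template:
    src: str
    dst: str
    proto: str = ""
    reqid: int = 0
    mode: str = ""


@dataclass
class Policy:
    src: str
    dst: str
    direction: str = ""
    priority: int = 0
    templates: List[Template] = field(default_factory=list)

    def modes(self) -> Set[str]:
        return {t.mode for t in self.templates}


def parse_xfrm_policy(text: str) -> List[Policy]:
    """Build Policy objects from the indented `ip xfrm policy` listing."""
    policies: List[Policy] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # "tmpl src ..." must be tested before the bare "src ..." selector line.
        if line.startswith("tmpl src "):
            if not policies:
                raise ValueError("template before any policy selector")
            m = re.match(r"tmpl src (\S+) dst (\S+)", line)
            policies[-1].templates.append(Template(src=m.group(1), dst=m.group(2)))
        elif line.startswith("src "):
            m = re.match(r"src (\S+) dst (\S+)", line)
            policies.append(Policy(src=m.group(1), dst=m.group(2)))
        elif line.startswith("dir "):
            m = re.match(r"dir (\S+)(?: priority (\d+))?", line)
            policies[-1].direction = m.group(1)
            policies[-1].priority = int(m.group(2) or 0)
        elif line.startswith("proto "):
            m = re.match(r"proto (\S+)(?: reqid (\d+))?(?: mode (\S+))?", line)
            t = policies[-1].templates[-1]
            t.proto, t.reqid, t.mode = m.group(1), int(m.group(2) or 0), m.group(3) or ""
        # Other attribute lines ("level use", "socket ...") are not needed here.
    return policies


def find_mixed_mode_policies(policies: List[Policy]) -> List[Policy]:
    """Policies whose templates contain both 'tunnel' and 'transport' modes."""
    return [p for p in policies if {"tunnel", "transport"} <= p.modes()]


def report(text: str) -> List[str]:
    """One human-readable line per mixed-mode policy found in `text`."""
    lines = []
    for p in find_mixed_mode_policies(parse_xfrm_policy(text)):
        tmpls = ", ".join(f"{t.proto}/{t.mode}/reqid {t.reqid}" for t in p.templates)
        lines.append(f"{p.src} -> {p.dst} dir {p.direction}: {tmpls}")
    return lines


if __name__ == "__main__":
    # Usage: `ip xfrm policy | python3 xfrm_check.py`; with no stdin, use the sample.
    data = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for entry in report(data) or ["no mixed-mode policies found"]:
        print(entry)
```

The reqid printed for each template is the value to compare against `ip xfrm state`, so a flagged policy can be matched to the SA that installed it and to the corresponding connection in the Openswan logs.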