Re: Problem with IPSEC tunnel mode

To: wolfgang.walter@xxxxxxxxxxxxxxxxxxxx (Wolfgang Walter)
Subject: Re: Problem with IPSEC tunnel mode
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 21 Apr 2005 22:57:48 +1000
Cc: netdev@xxxxxxxxxxx
In-reply-to: <200504201737.51053.wolfgang.walter@studentenwerk.mhn.de>
Organization: Core
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.27-hx-1-686-smp (i686))

Wolfgang Walter <wolfgang.walter@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> 5. then it disappears (it is NOT dropped by iptables)
>   especially it is not seen in FORWARD (mangle-table).
> 
> The route to E on C is a host route via 10.148.15.10.

Please show us the output of "ip ru" and "ip ro".

> src 10.148.4.0/28 dst 10.0.25.210/32
>        dir in priority 2084
>        tmpl    src 192.168.9.237 dst 192.168.77.161
>                proto esp spi 0x00000000 reqid 16465 mode tunnel
> 
> src 10.148.4.0/28 dst 10.0.25.210/32
>        dir out priority 0
> 
> src 10.148.4.0/28 dst 10.0.25.210/32
>        dir fwd priority 2084
>        tmpl    src 192.168.9.237 dst 192.168.77.161
>                proto esp spi 0x00000000 reqid 16465 mode tunnel

Please attach the complete output of "ip x p".
 
> Interestingly, the original scenario works fine when we use kernel 2.6.7-rc1 
> instead of 2.6.11.7 and setkey from ipsec-tools 0.3.3. In this case there are 

What if you use the new ipsec-tools against the old kernel?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt