On Fri, Apr 22, 2005 at 02:40:31AM +0200, Wolfgang Walter wrote:
>
> > Although you probably have rp_filter turned, but please check
> >
> > cat /proc/sys/net/ipv4/conf/eth3/rp_filter
> >
> > anyway.
Please do this check.
> > > src 10.148.0.0/23 dst 10.0.25.210/32
> > > dir fwd priority 0
> >
> > There you go. This policy trumps your other policy. This one
> > says that forwarded traffic matching it must carry no tunnel
> > IPsec transforms. Therefore all IPsec packets matching it will
> > be dropped.
>
> I don't understand that. 10.148.0.0/23 is 10.148.0.0-10.148.1.255, isn't it?
> But 10.148.4.0/28 (is 10.148.4.0-10.148.4.15) is not within it.
Sorry, I misread the netmask. I was right about the problem though :)

Further down it says

    src 0.0.0.0/0 dst 10.0.25.210/32
    dir fwd priority 0

which still trumps your IPsec policy.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
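
The selector check discussed in this message, as an added example that is not part of the original mail or of any project's code: it parses policy text in the style of `ip xfrm policy` and reports fwd policies without a `tmpl` that match a flow at a priority value no higher than the matching tunnel policy. The tunnel entry, its `tmpl` addresses and the test source address are constructed, and treating equal priority as a conflict is an assumption based on both quoted policies showing priority 0.

```python
import ipaddress

# Constructed sample in the style of `ip xfrm policy` output. The two entries
# without tmpl use the selectors quoted in the thread; the tunnel entry and
# its tmpl addresses are made up for illustration.
SAMPLE = """\
src 10.148.4.0/28 dst 10.0.25.210/32
	dir fwd priority 0
	tmpl src 192.0.2.1 dst 192.0.2.2
		proto esp reqid 1 mode tunnel
src 10.148.0.0/23 dst 10.0.25.210/32
	dir fwd priority 0
src 0.0.0.0/0 dst 10.0.25.210/32
	dir fwd priority 0
"""

def parse_policies(text):
    """Return one dict per policy: src, dst, dir, priority, has_tmpl."""
    policies = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "src" and not line[0].isspace():   # selector line
            policies.append({"src": ipaddress.ip_network(tok[1]),
                             "dst": ipaddress.ip_network(tok[3]),
                             "dir": None, "priority": 0, "has_tmpl": False})
        elif tok[0] == "dir" and policies:
            policies[-1]["dir"] = tok[1]
            if "priority" in tok:
                policies[-1]["priority"] = int(tok[tok.index("priority") + 1])
        elif tok[0] == "tmpl" and policies:             # IPsec transform required
            policies[-1]["has_tmpl"] = True
    return policies

def conflicting_bypass(policies, src, dst, direction="fwd"):
    """Policies without tmpl matching the flow at a priority value <= the best
    matching tunnel policy (lower value wins; equal is flagged, an assumption)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in policies
            if p["dir"] == direction and s in p["src"] and d in p["dst"]]
    tunnel = [p["priority"] for p in hits if p["has_tmpl"]]
    if not tunnel:
        return []
    return [p for p in hits
            if not p["has_tmpl"] and p["priority"] <= min(tunnel)]

if __name__ == "__main__":
    for p in conflicting_bypass(parse_policies(SAMPLE), "10.148.4.1", "10.0.25.210"):
        print(f"no-transform policy {p['src']} -> {p['dst']} priority {p['priority']}")
```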