Wolfgang Walter <wolfgang.walter@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> 5. then it disappears (it is NOT dropped by iptables)
> especially it is not seen in FORWARD (mangle-table).
>
> The route to E on C is a host route via 10.148.15.10.
Please show us the output of "ip ru" and "ip ro".
> src 10.148.4.0/28 dst 10.0.25.210/32
> dir in priority 2084
> tmpl src 192.168.9.237 dst 192.168.77.161
> proto esp spi 0x00000000 reqid 16465 mode tunnel
>
> src 10.148.4.0/28 dst 10.0.25.210/32
> dir out priority 0
>
> src 10.148.4.0/28 dst 10.0.25.210/32
> dir fwd priority 2084
> tmpl src 192.168.9.237 dst 192.168.77.161
> proto esp spi 0x00000000 reqid 16465 mode tunnel
Please attach the complete output of "ip x p".
> Interestingly, the original scenario works fine when we use kernel 2.6.7-rc1
> instead of 2.6.11.7 and setkey from ipsec-tools 0.3.3. In this case there are
What if you use the new ipsec-tools against the old kernel?
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
|