[strongSwan] Migration from Openswan to Strongswan

Andreas Steffen andreas.steffen at strongswan.org
Tue May 10 16:26:45 CEST 2011

The outbound policy:

src dst uid 0
        dir out action allow index 1729 priority 1819 share any flag
        lifetime config:
          limit: soft (INF)(bytes), hard (INF)(bytes)
          limit: soft (INF)(packets), hard (INF)(packets)
          expire add: soft 0(sec), hard 0(sec)
          expire use: soft 0(sec), hard 0(sec)
        lifetime current:
          0(bytes), 0(packets)
          add 2011-05-10 15:44:25 use 2011-05-10 16:01:26
        tmpl src A.A.A.A dst B.B.B.B
                proto esp spi 0x00000000(0) reqid 16392(0x00004008) mode
                level required share any
                enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff

was used at least once since the use field is set, but the outbound
IPsec SA does not show any packet hits. It seems as if the packet
disappears somehow. Are there any additional routes for the payload


On 05/10/2011 03:07 PM, Pavel Arnošt wrote:
> It looks like that there are zeroes everywhere.
> --------------------------------------------------
> From: "Andreas Steffen" <andreas.steffen at strongswan.org>
> Sent: Tuesday, May 10, 2011 2:50 PM
> To: "Pavel Arnošt" <pavel.arnost at valvera.cz>
> Cc: <users at lists.strongswan.org>
> Subject: Re: [strongSwan] Migration from Openswan to Strongswan
>> The problem looks extremely strange. Could you send me the following
>> information:
>> ip -s xfrm policy
>> ip -x xfrm state
>> so that I can check if there are any packet hits or esp errors.
>> Andreas

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list