[strongSwan] Migration from Openswan to Strongswan
Andreas Steffen
andreas.steffen at strongswan.org
Tue May 10 16:26:45 CEST 2011
The outbound policy:
src 172.24.26.64/26 dst 172.27.96.15/32 uid 0
dir out action allow index 1729 priority 1819 share any flag
0x00000000
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2011-05-10 15:44:25 use 2011-05-10 16:01:26
tmpl src A.A.A.A dst B.B.B.B
proto esp spi 0x00000000(0) reqid 16392(0x00004008) mode
tunnel
level required share any
enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
was used at least once since the use field is set, but the outbound
IPsec SA does not show any packet hits. It seems as if the packet
disappears somehow. Are there any additional routes for the payload
traffic?
Andreas
On 05/10/2011 03:07 PM, Pavel Arnošt wrote:
> It looks like that there are zeroes everywhere.
>
> --------------------------------------------------
> From: "Andreas Steffen" <andreas.steffen at strongswan.org>
> Sent: Tuesday, May 10, 2011 2:50 PM
> To: "Pavel Arnošt" <pavel.arnost at valvera.cz>
> Cc: <users at lists.strongswan.org>
> Subject: Re: [strongSwan] Migration from Openswan to Strongswan
>
>> The problem looks extremely strange. Could you send me the following
>> information:
>>
>> ip -s xfrm policy
>> ip -x xfrm state
>>
>> so that I can check if there are any packet hits or esp errors.
>>
>> Andreas
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list