[strongSwan] Migration from Openswan to Strongswan

Pavel Arnošt pavel.arnost at valvera.cz
Tue May 10 17:00:59 CEST 2011 

Do you mean "normal" network routes? From "172" network I see only kernel 
route for interface IP address:

# ip ro sh | grep 172
172.24.26.64/26 dev eth0  proto kernel  scope link  src 172.24.26.65

"ip ro get 172.27.96.15" shows interface eth1 and default gateway of the 
system.

I can schedule system restart, just to be sure.

--------------------------------------------------
From: "Andreas Steffen" <andreas.steffen at strongswan.org>
Sent: Tuesday, May 10, 2011 4:26 PM
To: "Pavel Arnošt" <pavel.arnost at valvera.cz>
Cc: <users at lists.strongswan.org>
Subject: Re: [strongSwan] Migration from Openswan to Strongswan

> The outbound policy:
>
> src 172.24.26.64/26 dst 172.27.96.15/32 uid 0
>        dir out action allow index 1729 priority 1819 share any flag
> 0x00000000
>        lifetime config:
>          limit: soft (INF)(bytes), hard (INF)(bytes)
>          limit: soft (INF)(packets), hard (INF)(packets)
>          expire add: soft 0(sec), hard 0(sec)
>          expire use: soft 0(sec), hard 0(sec)
>        lifetime current:
>          0(bytes), 0(packets)
>          add 2011-05-10 15:44:25 use 2011-05-10 16:01:26
>        tmpl src A.A.A.A dst B.B.B.B
>                proto esp spi 0x00000000(0) reqid 16392(0x00004008) mode
> tunnel
>                level required share any
>                enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
>
> was used at least once since the use field is set, but the outbound
> IPsec SA does not show any packet hits. It seems as if the packet
> disappears somehow. Are there any additional routes for the payload
> traffic?
>
> Andreas
>
> On 05/10/2011 03:07 PM, Pavel Arnošt wrote:
>> It looks like that there are zeroes everywhere.
>>
>> --------------------------------------------------
>> From: "Andreas Steffen" <andreas.steffen at strongswan.org>
>> Sent: Tuesday, May 10, 2011 2:50 PM
>> To: "Pavel Arnošt" <pavel.arnost at valvera.cz>
>> Cc: <users at lists.strongswan.org>
>> Subject: Re: [strongSwan] Migration from Openswan to Strongswan
>>
>>> The problem looks extremely strange. Could you send me the following
>>> information:
>>>
>>> ip -s xfrm policy
>>> ip -x xfrm state
>>>
>>> so that I can check if there are any packet hits or esp errors.
>>>
>>> Andreas
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>

More information about the Users mailing list