[strongSwan] Migration from Openswan to Strongswan

Pavel Arnošt pavel.arnost at valvera.cz
Thu May 12 12:24:36 CEST 2011


Hi,

restart did not help. Do you have any suggestion?

Thanks,
Regards,
Pavel Arnošt

--------------------------------------------------
From: "Pavel Arnošt" <pavel.arnost at valvera.cz>
Sent: Tuesday, May 10, 2011 5:00 PM
To: <users at lists.strongswan.org>
Subject: Re: [strongSwan] Migration from Openswan to Strongswan

> Do you mean "normal" network routes? From "172" network I see only kernel 
> route for interface IP address:
>
> # ip ro sh | grep 172
> 172.24.26.64/26 dev eth0  proto kernel  scope link  src 172.24.26.65
>
> "ip ro get 172.27.96.15" shows interface eth1 and default gateway of the 
> system.
>
> I can schedule system restart, just to be sure.
>
> --------------------------------------------------
> From: "Andreas Steffen" <andreas.steffen at strongswan.org>
> Sent: Tuesday, May 10, 2011 4:26 PM
> To: "Pavel Arnošt" <pavel.arnost at valvera.cz>
> Cc: <users at lists.strongswan.org>
> Subject: Re: [strongSwan] Migration from Openswan to Strongswan
>
>> The outbound policy:
>>
>> src 172.24.26.64/26 dst 172.27.96.15/32 uid 0
>>        dir out action allow index 1729 priority 1819 share any flag
>> 0x00000000
>>        lifetime config:
>>          limit: soft (INF)(bytes), hard (INF)(bytes)
>>          limit: soft (INF)(packets), hard (INF)(packets)
>>          expire add: soft 0(sec), hard 0(sec)
>>          expire use: soft 0(sec), hard 0(sec)
>>        lifetime current:
>>          0(bytes), 0(packets)
>>          add 2011-05-10 15:44:25 use 2011-05-10 16:01:26
>>        tmpl src A.A.A.A dst B.B.B.B
>>                proto esp spi 0x00000000(0) reqid 16392(0x00004008) mode
>> tunnel
>>                level required share any
>>                enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
>>
>> was used at least once since the use field is set, but the outbound
>> IPsec SA does not show any packet hits. It seems as if the packet
>> disappears somehow. Are there any additional routes for the payload
>> traffic?
>>
>> Andreas
>>
>> On 05/10/2011 03:07 PM, Pavel Arnošt wrote:
>>> It looks like that there are zeroes everywhere.
>>>
>>> --------------------------------------------------
>>> From: "Andreas Steffen" <andreas.steffen at strongswan.org>
>>> Sent: Tuesday, May 10, 2011 2:50 PM
>>> To: "Pavel Arnošt" <pavel.arnost at valvera.cz>
>>> Cc: <users at lists.strongswan.org>
>>> Subject: Re: [strongSwan] Migration from Openswan to Strongswan
>>>
>>>> The problem looks extremely strange. Could you send me the following
>>>> information:
>>>>
>>>> ip -s xfrm policy
>>>> ip -x xfrm state
>>>>
>>>> so that I can check if there are any packet hits or esp errors.
>>>>
>>>> Andreas
>>
>> ======================================================================
>> Andreas Steffen                         andreas.steffen at strongswan.org
>> strongSwan - the Linux VPN Solution!                www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
>> 




More information about the Users mailing list