Tom Eastep wrote: > > I suspect that with the destination IP address rewritten to 10.231.113.30, > the traffic then matches one of your SPD entries so the kernel is trying to > send it down an IPSEC tunnel. > > -Tom > Thank you Tom!!!
That was the right guess. "setkey -F -P" and now the packets go through. The typical hassle with old configs remaining somewhere in the system. Thanks a lot, Christian -- Christian Vieser Tel: +49 (0) 7251.93258-124 Fax: +49 (0) 7251.93258-119 E-Mail: [EMAIL PROTECTED] ------------------------------------------------- opti-serv Unternehmensberatung für Servicemanagement GmbH Geschäftsführer Klaus Graf Moltkestr. 13 76689 Karlsdorf-Neuthard Amtsgericht Mannheim HRB Nr. 701508 Tel: +49 (0) 7251.366753 Fax: +49 (0) 7251.349493 E-Mail: [EMAIL PROTECTED] Web: www.opti-serv.de ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
