On Sun, 16 Oct 2016, Maciej Piechotka wrote:
I have problem with setting up ipsec. I see ESP packets coming through
but they are dropped during policy check (i.e. XfrmInTmplMismatch is
increased) so in tcpdump only the ESP packets are shown. I could not
find any information how to proceed from here.
PS. I disabled receiving messages from this group so please include me
in To: or Cc: list.
Note that your barf's did not include log files. But regardless, it
shows the kernel ip xfrm state/policy showing the tunnels are up fine.
The only thing I can see wrong is:
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [NOT DISABLED]
Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will act on
or cause sending of bogus ICMP redirects!
ICMP default/accept_redirects [NOT DISABLED]
Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will act
on or cause sending of bogus ICMP redirects!
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Hardware random device [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [ENABLED]
Please completely disable redirects and rp_filter
Swan mailing list