On 02/04/2017 02:34 PM, Jeff Becker wrote:
On 02/03/2017 04:57 PM, Paul Wouters wrote:
My guess would be that your ping is either not covered by the tunnel, or
you are using ICMP packets with the wrong label?
I fixed another AVC denial disallowing polmatch for scontext
unlabeled_t, and tcontext ipsec_spd_t, I tried the ping again, and it
still didn't work. Then I tried running tracepath, which did work.
After that, the ping started working. Thanks.
Spoke too soon. I reverted to the unlabeled tunnel to test something,
then restarted the labeled tunnel (successfully) . Once again I couldn't
ping, but now tracepath didn't work either. When I run ipsec status, the
tail of it shows:
000 198.9.7.199/32:8 -1-> 198.9.7.198/32:0 => %hold 0 %acquire-netlink
000 198.9.7.199/32:8 -1-> 198.9.7.198/32:0 => %hold 0 %acquire-netlink
Can this be fixed so I get my route back? Thanks.
-jeff
-jeff
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
