Hi everyone,
I'm working on a machine with linux kernel 2.6.19 running as IPSec
roadwarrior client (IKEv2 with certs and virtual ip on client side).
The strange thing is that strongSwan with IKEv2 was working fine with
that config, but now suddenly it doesn't.
The connection is fully established, no errors. But when I try to ping
the other side (its virtual IP) it doesn't even send anything (checked
that with tcpdump.. no esp and no udp encapsulated esp). Instead
sometimes it even gives me error messages like
"ping: sendto: No such process"
When the remote side is pinging me, I see the incoming packets with
tcpdump, but it doesn't answer them.
iptables are off.
Somehow weird..
I monitored the whole thing with "ip xfrm monitor" and voila..
everytime I start sending pings it give me that once (and after a
timeout again..)
acquire proto esp
sel src 10.3.0.1/32 dst X.X.X.X/32 proto icmp type 8 code 0
policy src 10.3.0.1/32 dst X.X.X.X/32
dir out priority 1680
tmpl src 169.254.2.1 dst X.X.X.X
proto esp reqid 2 mode tunnel
I tried the same config on another linux machine, works without
problems there (and without acquire message).
Any ideas?
Greetings,
Alex
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
