> Could you post your configuration?
Yeah. Let me describe my setup first.
I have a router. Someone else runs a tunnel server which has ipip and ipsec capability. Both ipip and ipsec tunnels are known to work for other people, and if needed, I can probably get access to the configuration of the server, but we can safely assume that the server configuration is not the problem.
I have been using an ipip tunnel for several years now and I want to replace it with an ipsec tunnel. However, I want to transition gradually, and therefore I want to run the two tunnels in parallel for a period of time. So, the setup right now is:
My router has eth0 (internal, ipip-tunnelled subnet), ipip0 (the ipip tunnel interface for eth0), eth0:1 (internal, ipsec-tunnelled subnet), ipsec0 (the ipsec tunnel interface for eth0:1), and eth1 (external).
My routing tables route local<->local and remote->local traffic to eth0 and eth0:1, local->remote from eth0 to ipip0 and from eth0:1 to ipsec0.
All this should be irrelevant, since the problem is that an esp packet that comes in on eth1 does not come out on ipsec0, but it is included for completeness. Note that I wanted to override freeswan's idea of what should be routed where, because I do not want all traffic from the router to go over IPsec (for the time being). As a result, freeswan's default route to ipsec0 is never used.
Routing information is at <http://web.periodic-kingdom.org/Public/routes.txt>. Barf is at <http://web.periodic-kingdom.org/Public/barf.txt>.
The ping is going from 18.101.2.221 to 18.72.0.3, and the following two lines are the outgoing and incoming ESP packets for the ping.
IN= OUT=eth1 SRC=65.96.190.200 DST=18.7.14.134 LEN=136 TOS=0x00 PREC=0x00 TTL=64 ID=16725 PROTO=ESP SPI=0xc64a3155
IN=eth1 OUT= MAC=00:05:02:f6:e9:1a:00:0b:5f:ee:2e:70:08:00 SRC=18.7.14.134 DST=65.96.190.200 LEN=136 TOS=0x00 PREC=0x00 TTL=59 ID=35754 PROTO=ESP SPI=0x51c85c4a
meeroh
PS. I keep trying to subscribe to the list and getting a majordomo error. Is this a known problem?
--
<http://web.meeroh.org/> | KB1FMP
A: Because it reverses the logical flow of conversation.
Q: Why is top posting frowned upon?

_______________________________________________
FreeS/WAN Users mailing list
[EMAIL PROTECTED]
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
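An added example for readers following the diagnosis above; this is not code from the post or from FreeS/WAN. It parses iptables LOG lines of the kind meeroh quoted, groups the ESP packets by SPI and direction, and reports inbound SPIs for which the expected inner packet (here the echo reply, 18.72.0.3 -> 18.101.2.221) never shows up received on an ipsec* interface, which is exactly the symptom described: ESP arrives on eth1 but nothing comes out on ipsec0. The two ESP lines are the ones from the post; the third line (`HEALTHY_LINE`) is constructed to show what a successfully decapsulated reply would look like, and its field values are assumptions, not a capture.

```python
import re

# KEY=VALUE fields of an iptables LOG line. A bare 'IN=' or 'OUT=' yields '',
# i.e. the packet had no input (locally generated) or no output (locally
# delivered) interface.
FIELD = re.compile(r"(\w+)=(\S*)")

# The two ESP lines quoted in the post (ping 18.101.2.221 -> 18.72.0.3).
POSTED_LINES = [
    "IN= OUT=eth1 SRC=65.96.190.200 DST=18.7.14.134 LEN=136 TOS=0x00 PREC=0x00 "
    "TTL=64 ID=16725 PROTO=ESP SPI=0xc64a3155",
    "IN=eth1 OUT= MAC=00:05:02:f6:e9:1a:00:0b:5f:ee:2e:70:08:00 SRC=18.7.14.134 "
    "DST=65.96.190.200 LEN=136 TOS=0x00 PREC=0x00 TTL=59 ID=35754 PROTO=ESP SPI=0x51c85c4a",
]

# Constructed, not from the post: roughly what the echo reply would look like
# once it has been decapsulated and appears on ipsec0 for forwarding to eth0.
HEALTHY_LINE = (
    "IN=ipsec0 OUT=eth0 SRC=18.72.0.3 DST=18.101.2.221 LEN=84 TOS=0x00 PREC=0x00 "
    "TTL=58 ID=35755 PROTO=ICMP TYPE=0 CODE=0"
)


def parse_log_line(line):
    """Return the KEY=VALUE fields of one iptables LOG line as a dict."""
    return dict(FIELD.findall(line))


def direction(rec):
    """'in' (received, not forwarded), 'out' (locally generated) or 'forward'."""
    if rec.get("IN") and not rec.get("OUT"):
        return "in"
    if rec.get("OUT") and not rec.get("IN"):
        return "out"
    return "forward"


def esp_flows(lines):
    """Map each ESP SPI to the (direction, interface) it was logged on."""
    flows = {}
    for rec in map(parse_log_line, lines):
        if rec.get("PROTO") != "ESP":
            continue
        d = direction(rec)
        flows[rec["SPI"]] = (d, rec.get("IN", "") if d == "in" else rec.get("OUT", ""))
    return flows


def decapsulated_packets(lines, iface_prefix="ipsec"):
    """Non-ESP packets received on an ipsec* interface: inner packets that
    were actually decapsulated and handed back to routing."""
    return [
        (rec["SRC"], rec["DST"], rec.get("PROTO"))
        for rec in map(parse_log_line, lines)
        if rec.get("PROTO") != "ESP" and rec.get("IN", "").startswith(iface_prefix)
    ]


def undelivered_inbound_esp(lines, inner_src, inner_dst):
    """Inbound ESP SPIs seen on the outside while the expected inner packet
    (inner_src -> inner_dst) never appeared on an ipsec* interface."""
    inner_seen = any(
        src == inner_src and dst == inner_dst
        for src, dst, _ in decapsulated_packets(lines)
    )
    if inner_seen:
        return []
    return sorted(spi for spi, (d, _) in esp_flows(lines).items() if d == "in")


if __name__ == "__main__":
    print(esp_flows(POSTED_LINES))
    print("undelivered:", undelivered_inbound_esp(POSTED_LINES, "18.72.0.3", "18.101.2.221"))
    print("with decap:", undelivered_inbound_esp(POSTED_LINES + [HEALTHY_LINE],
                                                 "18.72.0.3", "18.101.2.221"))
```

To use it on a real box, log both the outer and the inner packets (for example a LOG rule matching `-p esp` on eth1 and one matching `-i ipsec+` in FORWARD/INPUT) and feed the kernel log lines in; an inbound SPI that keeps turning up in the "undelivered" list while the corresponding inner packet never appears on ipsec0 points at decapsulation or the inbound SA, not at the routing tables.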