[Users] Re: networking problems with ipsec vpn
Aleksandar Ivanisevic
aleksandar at ivanisevic.de
Thu Jun 17 03:47:16 EDT 2010
I have menaged to solve this by
sysctl -w net.ipv4.conf.venet0.disable_policy=1
in the VE (not HN!). This is definitely a bug since VE doesn't even
have ipsec tools installed. I can open a problem report if anyone is
interested.
Aleksandar Ivanisevic
<aleksandar at ivanisevic.de> writes:
> what could be the reason that I see ICMP echo reply packets in tcpdump,
> but ping still doesnt work
>
> this is in a VE
>
> # /usr/sbin/tcpdump -n host 10.1.8.24
> tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to cooked socket
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
> 16:12:32.752955 IP x.y.z.39 > 10.1.8.24: ICMP echo request, id 57367, seq 1, length 64
> 16:12:32.795299 IP 10.1.8.24 > x.y.z.39: ICMP echo reply, id 57367, seq 1, length 64
> 16:12:33.752323 IP x.y.z.39 > 10.1.8.24: ICMP echo request, id 57367, seq 2, length 64
> 16:12:33.794946 IP 10.1.8.24 > x.y.z.39: ICMP echo reply, id 57367, seq 2, length 64
> 16:12:34.752703 IP x.y.z.39 > 10.1.8.24: ICMP echo request, id 57367, seq 3, length 64
> 16:12:34.794853 IP 10.1.8.24 > x.y.z.39: ICMP echo reply, id 57367, seq 3, length 64
> 16:12:35.753022 IP x.y.z.39 > 10.1.8.24: ICMP echo request, id 57367, seq 4, length 64
> 16:12:35.795263 IP 10.1.8.24 > x.y.z.39: ICMP echo reply, id 57367, seq 4, length 64
> 16:12:36.752222 IP x.y.z.39 > 10.1.8.24: ICMP echo request, id 57367, seq 5, length 64
> 16:12:36.794412 IP 10.1.8.24 > x.y.z.39: ICMP echo reply, id 57367, seq 5, length 64
>
> in another terminal ping 10.1.8.24 just sits there, no reply
>
> I have an ipsec vpn terminated on the HN. On another HN in the same
> network everything works, but instead of VPN termination, that HN has
> the route to the first HN for 10.1.8.24
More information about the Users
mailing list