[Users] Re: networking problems with ipsec vpn

Kir Kolyshkin kir at openvz.org
Thu Jun 17 08:22:20 EDT 2010 

On 06/17/2010 11:47 AM, Aleksandar Ivanisevic wrote:
>
> I have menaged to solve this by
>
> sysctl -w net.ipv4.conf.venet0.disable_policy=1
>
> in the VE (not HN!). This is definitely a bug since VE doesn't even
> have ipsec tools installed. I can open a problem report if anyone is
> interested.
>    

Please do. http://bugzilla.openvz.org/

> Aleksandar Ivanisevic
> <aleksandar at ivanisevic.de>  writes:
>
>    
>> what could be the reason that I see ICMP echo reply packets in tcpdump,
>> but ping still doesnt work
>>
>> this is in a VE
>>
>> # /usr/sbin/tcpdump -n host 10.1.8.24
>> tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to cooked socket
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
>> 16:12:32.752955 IP x.y.z.39>  10.1.8.24: ICMP echo request, id 57367, seq 1, length 64
>> 16:12:32.795299 IP 10.1.8.24>  x.y.z.39: ICMP echo reply, id 57367, seq 1, length 64
>> 16:12:33.752323 IP x.y.z.39>  10.1.8.24: ICMP echo request, id 57367, seq 2, length 64
>> 16:12:33.794946 IP 10.1.8.24>  x.y.z.39: ICMP echo reply, id 57367, seq 2, length 64
>> 16:12:34.752703 IP x.y.z.39>  10.1.8.24: ICMP echo request, id 57367, seq 3, length 64
>> 16:12:34.794853 IP 10.1.8.24>  x.y.z.39: ICMP echo reply, id 57367, seq 3, length 64
>> 16:12:35.753022 IP x.y.z.39>  10.1.8.24: ICMP echo request, id 57367, seq 4, length 64
>> 16:12:35.795263 IP 10.1.8.24>  x.y.z.39: ICMP echo reply, id 57367, seq 4, length 64
>> 16:12:36.752222 IP x.y.z.39>  10.1.8.24: ICMP echo request, id 57367, seq 5, length 64
>> 16:12:36.794412 IP 10.1.8.24>  x.y.z.39: ICMP echo reply, id 57367, seq 5, length 64
>>
>> in another terminal ping 10.1.8.24 just sits there, no reply
>>
>> I have an ipsec vpn terminated on the HN. On another HN in the same
>> network everything works, but instead of VPN termination, that HN has
>> the route to the first HN for 10.1.8.24
>>      
>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users
>

More information about the Users mailing list