From: Matthew S. <ma...@ap...> - 2006-03-24 03:48:25
Ok, so I have this ipsec tunnel and all is well. I upgrade to 2.6.16 to get some of these new ipsec features (netfilter related) and find that my packets are no longer matching my policy. I have this defined in my ipsec.conf file:

#!/usr/sbin/setkey -f
#
# Flush SAD and SPD
flush;
spdflush;

# omit local traffic from ipsec
spdadd 192.168.1.0/24 192.168.1.0/24 any -P out none;
spdadd 192.168.1.0/24 192.168.1.0/24 any -P in none;

# Ipsec policies
spdadd 192.168.1.0/24 192.168.0.0/16 any -P out ipsec esp/tunnel/x.x.x.x-y.y.y.y/require;
spdadd 192.168.0.0/16 192.168.1.0/24 any -P in ipsec esp/tunnel/y.y.y.y-x.x.x.x/require;

But for some reason after the kernel upgrade the packets are being sent to the default gateway instead of matching the policy and being sent through the tunnel, which according to setkey -D is up. Anyone have any thoughts on this?

schu