[EMAIL PROTECTED] wrote:
>
> http://bugzilla.kernel.org/show_bug.cgi?id=6430
>
> Summary: ipsec tunnel : reply is not forwarded
> Kernel Version: 2.6.14.5
> Status: NEW
> Severity: normal
> Owner: [EMAIL PROTECTED]
> Submitter: [EMAIL PROTECTED]
>
>
> Most recent kernel where this bug did not occur: 2.6.14
> Distribution: debian sarge 3.1
> Hardware Environment:
> Software Environment: isakmpd
> Problem Description:
> The situation is the following:
> hostA -- GW1 <==> GW2 -- hostB, with an ipsec tunnel between GW1 and GW2.
> Encryption: des-cbc, Auth: hmac-md5, and automatic keyring with isakmpd
> on GW1 and GW2.
> The tunnel is correctly mounted, with symmetrical spi on both sides GW1 and
> GW2.
> (I have verified with setkey)
> When hostA pings hostB, packets are correctly sent to hostB, and return
> to GW1, and are decrypted here, but are not forwarded to hostA.
> (Symmetrically, when hostB pings hostA, packets returned on GW2 are not
> forwarded to hostB). I have verified with tcpdump.
> I have tried exactly the same configuration with standard kernel 2.6.8 from
> sarge distrib. and it works perfectly.
> I also tried to echo 0 > /proc/...eth0/rp_filter where eth0 is the interface on
> GW2 "connected" to GW1 but the result is the same.
> I have also tried replacing GW2 by a Cisco PIX, and I have the same result
> on linux (2.6.14.5) GW1.
>
> Steps to reproduce:
> Configure an ipsec tunnel between GW1 and GW2 as described above. I have done
> it with isakmpd, and with standard support of ipsec in kernel, not with
> freeswan.
>

That's quite an old kernel. Are you able to test 2.6.16?

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html