Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Kernel (http://www.linux-archive.org/debian-kernel/)
-   -   Bug#590661: linux-image-2.6.32-5-openvz-amd64: openswan ipsec packets do not reach openvz instances (http://www.linux-archive.org/debian-kernel/405133-bug-590661-linux-image-2-6-32-5-openvz-amd64-openswan-ipsec-packets-do-not-reach-openvz-instances.html)

Daniel Tombeil 07-28-2010 10:46 AM

Bug#590661: linux-image-2.6.32-5-openvz-amd64: openswan ipsec packets do not reach openvz instances
 
Hi,

On Wed, 2010-07-28 at 11:30 +0200, maximilian attems wrote:
> On Wed, Jul 28, 2010 at 11:09:41AM +0200, Daniel Tombeil wrote:

[...]

> > in netkey-mode. I'll post the setup-guide for reproduction and the
> > binary tcpdump ASAP.
>
> ok sorry overlooked, as wasn't in body, please make upstream devs
> aware by filing there.
> development and fixes happens there. thanks

no prob. I'm not very used to file bugs by now. I found a related
bug-report at openvz.org for RHEL6. Seems to be the same problem. The
workaround I found there works for me, too:

Bug 1554 - ipsec vpn terminated in HN not available in VE unless IPSEC
policies are disabled for venet0

http://bugzilla.openvz.org/show_bug.cgi?id=1554

There is still a discussion ongoing if this scenario is or should be
supported at all or not. I wrote a comment confirming the problem exists
also on debian squeeze/testing. I'll now wait what the discussion leads
to. As long as it works I can live with the sysctl inside the VE.

Thank you!

--
Gruss | LF.net GmbH | fon +49 711 90074-402
Daniel Tombeil | Ruppmannstr. 27 | fax +49 711 90074-33
dt@LF.net | D-70565 Stuttgart | http://www.LF.net



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1280314011.27040.20.camel@tomte.LF.net">http://lists.debian.org/1280314011.27040.20.camel@tomte.LF.net


All times are GMT. The time now is 08:29 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.