Bug#590661: linux-image-2.6.32-5-openvz-amd64: openswan ipsec packets do not reach openvz instances
On Wed, 2010-07-28 at 11:30 +0200, maximilian attems wrote:
> On Wed, Jul 28, 2010 at 11:09:41AM +0200, Daniel Tombeil wrote:
> > in netkey-mode. I'll post the setup-guide for reproduction and the
> > binary tcpdump ASAP.
> ok sorry overlooked, as wasn't in body, please make upstream devs
> aware by filing there.
> development and fixes happens there. thanks
no prob. I'm not very used to file bugs by now. I found a related
bug-report at openvz.org for RHEL6. Seems to be the same problem. The
workaround I found there works for me, too:
Bug 1554 - ipsec vpn terminated in HN not available in VE unless IPSEC
policies are disabled for venet0
There is still a discussion ongoing if this scenario is or should be
supported at all or not. I wrote a comment confirming the problem exists
also on debian squeeze/testing. I'll now wait what the discussion leads
to. As long as it works I can live with the sysctl inside the VE.
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org