FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel

LinkBack Thread Tools
Old 07-28-2010, 10:46 AM
Daniel Tombeil
Default Bug#590661: linux-image-2.6.32-5-openvz-amd64: openswan ipsec packets do not reach openvz instances


On Wed, 2010-07-28 at 11:30 +0200, maximilian attems wrote:
> On Wed, Jul 28, 2010 at 11:09:41AM +0200, Daniel Tombeil wrote:


> > in netkey-mode. I'll post the setup-guide for reproduction and the
> > binary tcpdump ASAP.
> ok sorry overlooked, as wasn't in body, please make upstream devs
> aware by filing there.
> development and fixes happens there. thanks

no prob. I'm not very used to file bugs by now. I found a related
bug-report at openvz.org for RHEL6. Seems to be the same problem. The
workaround I found there works for me, too:

Bug 1554 - ipsec vpn terminated in HN not available in VE unless IPSEC
policies are disabled for venet0


There is still a discussion ongoing if this scenario is or should be
supported at all or not. I wrote a comment confirming the problem exists
also on debian squeeze/testing. I'll now wait what the discussion leads
to. As long as it works I can live with the sysctl inside the VE.

Thank you!

Gruss | LF.net GmbH | fon +49 711 90074-402
Daniel Tombeil | Ruppmannstr. 27 | fax +49 711 90074-33
dt@LF.net | D-70565 Stuttgart | http://www.LF.net

To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1280314011.27040.20.camel@tomte.LF.net">http://lists.debian.org/1280314011.27040.20.camel@tomte.LF.net

Thread Tools

All times are GMT. The time now is 09:33 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org