Aidas Kasparas wrote:
Joshua,
I have impression that SA's do not get negotiated successfully.
Could you please look at "setkey -D" (not -DP) output at both sides and
see that both sides agree on SAs?
Also, you use NAT? If so, please look at
http://ipsec-tools.sf.net/checklist.html#not_natted (other checks may
also help)
I am not using NAT, the box is also a NATing FW, but everything is exposed. Due to the problems, I reverted to 2.6.9 - however I still had the same problems.
Finally, I went back to ipsec-tools-0.4. Now everything works fine, but I don't know why 0.5_rc1 would not establish phase 2.
thanks,
Joshua
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
