Hi,

Well, I don't understand where your problem is. If you have disabled netfilter, then why do you think your IPsec problem is a netfilter issue?
The packets in your trace have a size of 88 bytes, so packet size shouldn't be an issue either.

So what exactly doesn't work?

Regards
wolfgang

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On behalf of
> Daniel Rycaj
> Sent: Thursday, 10 February 2005 12:15
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: linux, kernel 2.6.10, vlans and IPsec problem
>
>
> Hi all,
>
> details:
> linux fedora 3 (kernel compiled from official sources)
> iptables 1.2.11 (compiled from sources too)
> vlan support turned on (vconfig from cvs)
>
> I have the following situation:
>
>
>            eth0                eth1.X(vlans)
> internet----------[linux]-----------------[clients]
>
>
> I *DO NOT* use private addresses so I don't use
> NAT at all (just packet forwarding).
>
> One of my clients tries to establish an IPsec connection
> to a host located somewhere outside of my network
> and it doesn't work.
>
> During the tests I removed all firewall rules.
>
> tcpdump shows me:
>
> [root@GW]# tcpdump -n -i eth1.9 -vv
> tcpdump: listening on eth1.9, link-type EN10MB (Ethernet),
> capture size 96 bytes
> 12:09:59.200139 IP (tos 0x0, ttl 116, id 7059, offset 0, flags [none],
> proto 50, length: 88) XX.XX.XX.XX > YY.YY.YY>YY:
> ESP(spi=0x139c2705,seq=0x35b)
> 12:10:01.767596 IP (tos 0x0, ttl 128, id 49969, offset 0, flags
> [none], proto 50, length: 88) YY.YY.YY.YY > XX.XX.XX>XX:
> ESP(spi=0x43b9ff86,seq=0x3d3)
>
> I tried to lower the MTU on eth1.9 but it didn't help.
> Any ideas?
>
>
> --
> Best regards,
> Daniel mailto:daniel@xxxxxxxxx