Re: AW: linux, kernel 2.6.10, vlans and IPsec problem


 



You're right. Wrong list. I've solved the problem however.
Sorry for messing up.


Hello Stindl,

Thursday, February 10, 2005, 2:08:05 PM, you wrote:

SWE> Hi,

SWE> Well, I don't understand where your problem is.
SWE> If you have disabled netfilter, then why do you think your
SWE> ipsec problem is a netfilter issue?
SWE> The packets in your trace have a size of 88 bytes. So
SWE> packet-size shouldn't be an issue either.
SWE> So what exactly doesn't work?

SWE> Regards
SWE> wolfgang

>> -----Original Message-----
>> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx 
>> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
>> Daniel Rycaj
>> Sent: Thursday, February 10, 2005 12:15
>> To: netfilter@xxxxxxxxxxxxxxxxxxx
>> Subject: linux, kernel 2.6.10, vlans and IPsec problem
>> 
>> 
>> Hi all,
>> 
>> details:
>> linux fedora 3 (kernel compiled from official sources)
>> iptables 1.2.11 (compiled from sources too)
>> vlan support turned on (vconfig from cvs)
>> 
>> I have the following situation:
>> 
>> 
>>                  eth0    eth1.X(vlans)
>> internet----------[linux]-----------------[clients]
>> 
>> 
>> I *DO NOT* use private addresses so I don't use
>> NAT at all (just packet forwarding).
>> 
>> One of my clients tries to establish an IPsec connection
>> to a host located somewhere outside of my network
>> and it doesn't work.
>> 
>> During the tests I removed all firewall rules.
>> 
>> tcpdump shows me:
>> 
>> [root@GW]# tcpdump -n -i eth1.9 -vv
>> tcpdump: listening on eth1.9, link-type EN10MB (Ethernet), 
>> capture size 96 bytes
>> 12:09:59.200139 IP (tos 0x0, ttl 116, id 7059, offset 0, flags [none],
>> proto 50, length: 88) XX.XX.XX.XX > YY.YY.YY>YY: 
>> ESP(spi=0x139c2705,seq=0x35b)
>> 12:10:01.767596 IP (tos 0x0, ttl 128, id 49969, offset 0, flags
>> [none], proto 50, length: 88) YY.YY.YY.YY > XX.XX.XX>XX: 
>> ESP(spi=0x43b9ff86,seq=0x3d3)
>> 
>> I tried to lower MTU on eth1.9 but it didn't help.
>> Any ideas ?
>> 
>> 
>> -- 
>> Best regards,
>>  Daniel                          mailto:daniel@xxxxxxxxx
>> 
>> 
>> 



-- 
Best regards,
 Daniel                            mailto:daniel@xxxxxxxxx



