I am running against a problem that I fail to understand, let alone
fix. Maybe someone can give me a clue about what might possibly go
The system I am running ipsec-tools 0.6.7 (against uclibc) is an
AT91RM9200 based system. The tests started with a linux 22.214.171.124
kernel and because of the problems, I switched to 2.6.23 but still the
problem remains exactly the same.
What I am trying to do is to run an IPsec connection in tunnel mode to
a foreign router via a GPRS connection:
A --eth0-- B ---ppp0(gprs)--- C --eth0-- D
The AT91RM9200 system I am having problems with is B. Racoon
successfully finishes phases 1 and 2 on it talking to C and I see
corresponding SAs in the kernel when checking with setkey -D. For
testing purposes, I used iptables LOG statements (on B), so I get an
idea of what packets enter/traverse it.
When I do a ping to D from A, I see packets on the FORWARD chain on B
"in cleartext as icmp" protocol. The packets correctly traverse the
tunnel and reach D which also replies - *but* the replies never reach
A. They do enter the tunnel at C, but at B I only see proto=esp
packets on the INPUT chain at B but that's all, nothing leaves the
Of course I thought I have configuration issues here, so I dropped in
a standard i386 Debian/lenny box (linux 2.6.22) for B also using
ipsec-tools 0.6.7 and with the exact same racoon.conf and the same
setkey statements the tunnel works like a charm.
Can anyone give me a hint on what might be going wrong here? I am
really desperate as I have deadlines to meet with this project.
Thanks in advance for any help
Irrationality is the square root of all evil.
-- Douglas Hofstadter
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: dzu@...