On Mon, Jan 10, 2011 at 10:09 AM, Pim Zandbergen <P.Zandbergen@xxxxxxxxxxxxx> wrote:
> I'm seeing something possibly similar.
>
> I have upgraded a Fedora 11 box to Fedora 14. This box was successfully
> running five IPSec tunnels. Four of them to a ZyXEL P-2602H, one to a
> Fedora 13 box.
>
> After upgrading, all of the tunnels were reestablished, but no traffic
> was possible over them.
>
> Using Wireshark I found out that packets returning from a remote host are
> being routed to the wrong interface.
>
> Let's say I have this:
>
> SRC=1.2.3.4 (public, on eth1)
> SRCNET=192.168.1.0/24 (private, on eth0)
> DST=5.6.7.8 (public)
> DSTNET=192.168.2.0/24 (private)
>
> While pinging from our 192.168.1.217 to their 192.168.2.16, I see
> - unencrypted packet arrives at our tunnel
> - encrypted packet is sent to DST
> - (not tracing remote internal network, assuming everything's OK)
> - encrypted return packet arrives at SRC
> - unencrypted return packet is sent to eth1, even though destination
>   address is 192.168.1.217
>
> There's nothing in the routing table that could explain this.
>
> Pim

Please file a bugzilla. It looks like you have the info needed
to pin down the problem description.

> On 4-1-2011 11:50, Luc MAIGNAN wrote:
>> Hi,
>> I use racoon to establish an IPSEC tunnel between a fedora box and a router.
>> The tunnel is mounted.
>> Both my fedora and network behind the router can ping each other.
>> The network behind the router can use the tunnel to ssh my fedora.
>> But my fedora isn't able to ssh the network behind the router.
>> IPTRAF shows me that packets come correctly from the opposite side, but
>> ssh doesn't seem to receive them.
>> What can happen?
>> Any help would be appreciated.
>>
>> BR

--
Dale Dellutri