[Users] Re: Cannot ping internal hosts but only internal interface

From: Mimmus (dviggiani_at_tiscali.it)
Date: Fri Dec 27 2002 - 12:51:21 CET

It seems that specific RPM package with X.509 patch:
 freeswan-module-1.99_x509_0.9.15_2.4.9_34-0.i386.rpm
cause the:
> pluto[24331]: INTERNAL ERROR: /proc/net/ipsec_eroute line 1 SA ID field
> malformed: SA specifier lacks valid protocol prefix
error message.

I removed this and installed freeswan-module-1.99_2.4.9_34-0.i386.rpm but
I'm still unable to ping internal hosts. Debug log is:

Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: <<< Info --
skb->dev=eth0 dev=eth0
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: assigning packet
ownership to virtual device ipsec0 from physical device eth0.
Dec 27 12:27:34 devil kernel: klips_debug: IP: ihl:20 ver:4 tos:56 tlen:96
id:41894 frag_off:0 ttl:57 proto:50 chk:47927 saddr:151.39.227.40
daddr:xxx.yy.zzz.226
Dec 27 12:27:34 devil kernel: klips_debug:gettdb: linked entry in tdb table
for hash=20 of SA:esp0x49dc3864_at_xxx.yy.zzz.226 requested.
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv:
SA:esp0x49dc3864_at_xxx.yy.zzz.226, src=151.39.227.40 of pkt agrees with
expected SA source address policy.
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv:
SA:esp0x49dc3864_at_xxx.yy.zzz.226 First SA in group.
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv:
SA:esp0x49dc3864_at_xxx.yy.zzz.226 No previous backlink in group.
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: packet from
151.39.227.40 received with seq=312 (iv)=0x42c9d700be160f47 iplen=96
esplen=64 sa=esp0x49dc3864_at_xxx.yy.zzz.226
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: encalg = 3, authalg =
2.
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: authentication
successful.
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: padlen=6, contents:
0x<offset>: 0x<value> 0x<value> ...
Dec 27 12:27:34 devil kernel: klips_debug: 00: 01 02 03 04 05 06
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: packet decrypted from
151.39.227.40: next_header = 4, padding = 6
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: trimming to 60.
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: after
<ESP_3DES_HMAC_MD5>, SA:esp0x49dc3864_at_xxx.yy.zzz.226:
Dec 27 12:27:34 devil kernel: klips_debug: IP: ihl:20 ver:4 tos:56 tlen:60
id:41894 frag_off:0 ttl:57 proto:4 chk:48009 saddr:151.39.227.40
daddr:xxx.yy.zzz.226
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv:
SA:esp0x49dc3864_at_xxx.yy.zzz.226, backpolicy agrees with fwdpolicy.
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv:
SA:esp0x49dc3864_at_xxx.yy.zzz.226, Another IPSEC header to process.
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: IPIP tunnel stripped.
Dec 27 12:27:34 devil kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:40
id:27444 frag_off:0 ttl:48 proto:6 (TCP) chk:58519 saddr:151.39.227.40:60155
daddr:192.168.0.12:774
Dec 27 12:27:34 devil kernel: klips_debug:ipsec_rcv: netif_rx() called.

netif_rx() is the last call before packet disappear.

Please help me.

Domenico Viggiani

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.5 : Mon Dec 30 2002 - 05:21:12 CET