Bug#590661: linux-image-2.6.32-5-openvz-amd64: openswan ipsec packets do not reach openvz instances
Hi,
On Wed, 2010-07-28 at 11:30 +0200, maximilian attems wrote:
> On Wed, Jul 28, 2010 at 11:09:41AM +0200, Daniel Tombeil wrote:
[...]
> > in netkey-mode. I'll post the setup-guide for reproduction and the
> > binary tcpdump ASAP.
>
> ok, sorry, overlooked, as it wasn't in the body. Please make upstream devs
> aware by filing there.
> Development and fixes happen there. Thanks
No prob. I'm not very used to filing bugs yet. I found a related
bug report at openvz.org for RHEL6. It seems to be the same problem. The
workaround I found there works for me, too:
Bug 1554 - ipsec vpn terminated in HN not available in VE unless IPSEC
policies are disabled for venet0
http://bugzilla.openvz.org/show_bug.cgi?id=1554
There is still a discussion ongoing about whether this scenario is or should be
supported at all. I wrote a comment confirming that the problem also exists
on Debian squeeze/testing. I'll now wait to see what the discussion leads
to. As long as it works I can live with the sysctl inside the VE.
Thank you!
--
Gruss | LF.net GmbH | fon +49 711 90074-402
Daniel Tombeil | Ruppmannstr. 27 | fax +49 711 90074-33
dt@LF.net | D-70565 Stuttgart | http://www.LF.net