This is a discussion on %acquire-netlink error in OpenSwan within the Linux Security forums, part of the System Security and Security Related category.

Hi all,
I've a Debian box with (Debian) kernel 2.6.11-3 and OpenSwan 2.3.0-2 (again, Debian package) and several Windows roadwarriors using a safenet-based client. X.509 certificate based authentication. I can establish the SA, the traffic is encrypted, and I can do almost everything.

BUT... I can't navigate some sites, or do certain network actions. Originally I found that I've to lower the MTU, so it's now set up to 1400, examining the traffic shows the IPSec overhead brings it to 1415, that's fine, well under 1500. It still fails with some sites/actions. It is consistent and can be repeated.

When this happens, an ipsec auto --status shows lines like this at the end:

000 x.x.x.x/32:0 -17-> y.y.y.y/32:0 => %hold 0 %acquire-netlink
000 x.x.x.x/32:0 -17-> y.y.y.y/32:0 => %hold 0 %acquire-netlink
000 x.x.x.x/32:0 -17-> y.y.y.y/32:0 => %hold 0 %acquire-netlink
000 x.x.x.x/32:0 -17-> y.y.y.y/32:0 => %hold 0 %acquire-netlink
etc...

x.x.x.x is the remote site that fails, y.y.y.y is the roadwarrior.

Digging for information on that hasn't provided any answer to the problem. Did anyone ever have this issue???

Any help is appreciated.

TIA!
Mike