Herbert Xu wrote: >On Thu, Nov 17, 2005 at 09:39:58PM +0100, Charles-Edouard Ruault wrote: > > >>i just realized i had forgotten to flush my nat tables :( when i >>reported it did not change. >>I just tried again and i was able to pinpoint that nat is indeed the >>problem. >>I can have all my other netfilter rules and IPSEC works. When i set the >>nat rule ( a simple iptables -A POSTROUTING -o eth1 -j MASQUERADE) , >> >> > >Aha, this is actually expected. Applying SNAT to IPsec at the moment >produces undefined results. > >If you really need it, you should apply Patrick McHardy's netfilter >IPsec patches which can be found on patch-o-matic. > >Cheers, > > Hmmm i was not aware of that :( Was puzzled me most is that I did not notice any problem before 2.6.14 ! Do you know if these patches will be included in the official kernel tree one day ? It would be really useful ! Also another user on the StrongSwan mailing list has reported hard crashes of his boxes once he upgraded to kernel 2.6.14 Have you gotten other reports of similar problems ? Again, it's working fine for him on 2.6.13 and crashes 100% of the time on 2.6.14 after a few hours of usage. I'm CCing him so that you can investigate the problem together.... Thanks again.
-- Charles-Edouard Ruault GPG key Id E4D2B80C - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
