The second pre-flight check we can perform is ipsec
livetest
. This command, available in Openswan 2.5 and later, will perform various tests to a specific test server, livetest.xelerance.net
, to determine whether your ISP is filtering any packets, or is incorrectly mangling packets, for instance because of broken path-MTU discovery.
Note
If you are uncomfortable with having your IPsec machine send packets to a public test server, you should not use the ipsec
livetest
command.
# ipsec livetest
Checking that Openswan has not been started [OK] Checking for livetest.xelerance.net connectivity using ping [OK] Checking for free path on UDP port 500 (IKE) [OK] Checking for free path on UDP port 4500 (IKE NAT-T) [OK] Starting barebone Openswan [OK] Fetching connection information from livetest.xelerance.com [OK] Loading IPsec conn livetest [OK] Starting IPsec conn livetest [OK] Sending packets over IPsec conn livetest [OK] Sending large...