<div>Dear Paul,</div>
<div> </div>
<div>In IMS-AKA (IP Multimedia Subsystem - Authentication and Key Agreement) scenario, authentication and associations are taken care by SIP protocol.So, no IKE happens. So to </div>
<div>very much simplify this scenario, as a first step, I want to "manually key" with the main motivation to verify "UDP encapsulation". Then the next step would be to use SIP to establish assocations. So manual keying would be the first step for this. Already its possible with setkey to use manual keying, but I am not able to force it to UDP encapsulate the packets. But, with pluto using NETKEY IPSec stack, in automatic keying I am able to force NAT-T and in effect UDP encapsulation. But, I do not want IKE to be run and just want to force "UDP encapsulation" and the obvious choice is "manual keying".
</div>
<div> </div>
<div>When I try to force NAT-T using manual keying, I get the following error</div>
<div> </div>
<div>ipsec manual: fatal error in "man": no IPSEC-enabled Interfaces found</div>
<div> </div>
<div>As I googled and went through the archives for solving the above error, it was suggested to use KLIPS stack instead of NETKEY stack and this is the reason I wanted to move to KLIPS stack. </div>
<div> </div>
<div>So, I would like to know if NAT-T can be "forced" in manual keying with KLIPS IPSec stack and is it a good idea to do that, or this can be just done with the NETKEY IPSec stack itself and there is some possibility to solve the above error.
</div>
<div> </div>
<div>Thanking you very much,</div>
<div> </div>
<div>regards,</div>
<div>Pjothi</div>
<div> </div>
<div> </div>
<div> </div>
<div><br> </div>
<div><span class="gmail_quote">On 3/3/06, <b class="gmail_sendername">Paul Wouters</b> <<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Fri, 3 Mar 2006, Pjothi wrote:<br><br>> My kernel is 2.6.13 (SUSE 10)<br>> Openswan version,- 2.4.5rc5
<br>><br>> The wiki and README in Openswan documentation are not clear. In README, it<br>> says to apply nattpatch first. I am getting errorrs like<br>> HUNK #1 failed<br><br>export KERNELSRC=/your/suse/kernel
<br>cd openswan-2<br>make nattpatch > $KERNELSRC/natt.patch<br>cd $KERNELSRC<br>patch -p1 -s < natt.patch<br>make oldconfig<br>make clean<br>make bzImage modules modules_install<br>cd /your/openswan-2<br>make module module_install
<br><br>> Does anyone have a nice documentation that explains simply what has to be<br>> done in an orderly way. My main motivation is to use KLIPS IPSec stack, with<br>> NAT-T so that I can use manual configuration with UDP encapsulation forced.
<br><br>manual configuration? you mean manual keying? You should not be using manual keying.<br>There is no valid reason for it.<br><br>Paul<br>--<br>Building and integrating Virtual Private Networks with Openswan:<br><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br></blockquote></div><br>