Hi,<br>I am using OpenSwan to test my crypto driver that provides IPSec offload. I have a very basic tunnel set up as shown below. I am primarily trying to test UDP encapsulation through this tunnel, although I do not have a NAT device on either side of the tunnel. The problem I am having is that with the following ipsec.conf (with nat_traversal=yes and forceencaps=yes), I only see ESP packets but not UDP-encapsulated packets. <br>
<br>                                          (directly connected)<br>10.66.21.166 ----- 10.66.21.164(eth0)---192.168.1.100(eth1)<========>192.168.2.100(eth1)—10.66.12.185(eth0)-------10.66.12.186<br>
Machine : A                         Machine: B                                         Machine: C                         Machine: D<br><br>This is my current ipsec.conf<br># /etc/ipsec.conf <br>
<br>version 2.0<br>#config setup<br>config setup<br> interfaces=%defaultroute<br> protostack=netkey<br> klipsdebug=none<br> plutodebug=all<br> nat_traversal=yes<br><br>#Simple Host to Host Connection<br>
conn tunnel-to-tunnel<br> type=tunnel<br> forceencaps=yes<br> left=192.168.1.100 <br> leftsubnet=10.66.21.0/24<br> leftrsasigkey=<right key><br>
 right=192.168.2.100 <br> rightsubnet=10.66.12.0/24<br> rightrsasigkey=<left key><br> keyingtries=1 <br> auto=add<br>
<br># ipsec --version<br>ipsec --version<br>Linux Openswan U2.5.17/K2.6.27 (netkey)<br><br>When I run pluto I get the following output,<br><br>pluto[1944]: Starting Pluto (Openswan Version 2.5.17; Vendor ID OEztC{yJaHh[) pid:1944<br>
pluto[1944]: Setting NAT-Traversal port-4500 floating to off<br>pluto[1944]: port floating activation criteria nat_t=0/port_float=1<br>pluto[1944]: including NAT-Traversal patch (Version 0.6c) [disabled]<br>pluto[1944]: using /dev/urandom as source of random entropy<br>
pluto[1944]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)<br>pluto[1944]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)<br>pluto[1944]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)<br>
pluto[1944]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)<br>pluto[1944]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)<br>pluto[1944]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)<br>
pluto[1944]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)<br>pluto[1944]: starting up 1 cryptographic helpers<br>pluto[1945]: using /dev/urandom as source of random entropy<br>pluto[1944]: started helper pid=1945 (fd:6)<br>
pluto[1944]: Using Linux 2.6 IPsec interface code on 2.6.27 (experimental code)<br><br>I am not sure what could be missing in the ipsec.conf file or in any other configuration which I missed. I would really appreciate any suggestions on this issue.<br>
<br>Thanks,<br>Shasi <br><br>
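An added example, not part of the original post: a small cross-check of what ipsec.conf requests against what pluto reports at startup, using the NAT-T lines from the configuration and log above. The function names are hypothetical and the sample inputs are constructed from the lines quoted in the post.

```python
import re

# Constructed inputs: relevant lines copied from the post's ipsec.conf and pluto log.
SAMPLE_CONF = """config setup
 nat_traversal=yes
#Simple Host to Host Connection
conn tunnel-to-tunnel
 type=tunnel
 forceencaps=yes
"""
SAMPLE_LOG = """pluto[1944]: Setting NAT-Traversal port-4500 floating to off
pluto[1944]: port floating activation criteria nat_t=0/port_float=1
pluto[1944]: including NAT-Traversal patch (Version 0.6c) [disabled]
"""

def parse_conf(text):
    """Return {section header: {key: value}} for ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line starts a section
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def natt_runtime_state(log):
    """Pull the NAT-T status pluto printed at startup."""
    nat_t = re.search(r"nat_t=(\d)", log)
    patch = re.search(r"NAT-Traversal patch \([^)]*\) \[(\w+)\]", log)
    return {"nat_t": int(nat_t.group(1)) if nat_t else None,
            "patch": patch.group(1) if patch else None}

def check(conf_text, log_text):
    """List mismatches between requested and reported NAT-T settings."""
    conf, state = parse_conf(conf_text), natt_runtime_state(log_text)
    want = conf.get("config setup", {}).get("nat_traversal") == "yes"
    findings = []
    if want and state["nat_t"] == 0:
        findings.append("nat_traversal=yes requested, pluto reports nat_t=0")
    if want and state["patch"] == "disabled":
        findings.append("NAT-Traversal patch reported as [disabled]")
    for name, opts in conf.items():
        if name.startswith("conn ") and opts.get("forceencaps") == "yes" and state["nat_t"] == 0:
            findings.append(name + ": forceencaps=yes but NAT-T is off at runtime")
    return findings
```

Run against the full /etc/ipsec.conf and the pluto startup log, `check()` returns one line per mismatch between the requested and the reported NAT-T state.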