<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:10pt"><div><br>I already modified those configs and here is what ipsec barf will say thanks in advance<br><br><br></div><div style="font-family: times new roman,new york,times,serif; font-size: 10pt;">Jan 18 17:58:33 sti-fw2 pluto[14946]: | NAT-OA: 32 tunnel: 1<br>Jan 18 17:58:33 sti-fw2 pluto[14946]: "roadwarrior-l2tp"[1] 124.106.205.249 #2: pfkey_lib_debug:pfkey_sa_parse: SAref=196612 must be (SAref == IPSEC_SAREF_NULL(0) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(32768)).<br>Jan 18 17:58:33 sti-fw2 pluto[14946]: "roadwarrior-l2tp"[1] 124.106.205.249 #2: pfkey_lib_debug:pfkey_msg_parse: extension parsing for type 1(security-association) failed with error -22.<br>Jan 18 17:58:33 sti-fw2 pluto[14946]: "roadwarrior-l2tp"[1] 124.106.205.249 #2: pfkey_lib_debug:pfkey_sa_parse: SAref=196612 must be (SAref
== IPSEC_SAREF_NULL(0) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(32768)).<br>Jan 18 17:58:33 sti-fw2 pluto[14946]: "roadwarrior-l2tp"[1] 124.106.205.249 #2: pfkey_lib_debug:pfkey_msg_parse: extension parsing for type 1(security-association) failed with error -22.<br>Jan 18 17:58:33 sti-fw2 pluto[14946]: "roadwarrior-l2tp"[1] 124.106.205.249 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1<br>Jan 18 17:58:33 sti-fw2 pluto[14946]: "roadwarrior-l2tp"[1] 124.106.205.249 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2<br>Jan 18 17:58:33 sti-fw2 pluto[14946]: "roadwarrior-l2tp"[1] 124.106.205.249 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<br>Jan 18 17:58:33 sti-fw2 pluto[14946]: "roadwarrior-l2tp"[1] 124.106.205.249 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xbc38cb24 <0x53846cb9 xfrm=AES_128-HMAC_SHA1 NATOA=192.168.2.254 NATD=124.106.205.249:36866 DPD=none}<br>Jan 18
17:59:08 sti-fw2 pluto[14946]: "roadwarrior-net"[2] 124.106.205.249 #1: received Delete SA(0xbc38cb24) payload: deleting IPSEC State #2<br>Jan 18 17:59:08 sti-fw2 pluto[14946]: "roadwarrior-net"[2] 124.106.205.249 #1: deleting connection "roadwarrior-l2tp" instance with peer 124.106.205.249 {isakmp=#0/ipsec=#0}<br>Jan 18 17:59:08 sti-fw2 pluto[14946]: "roadwarrior-net"[2] 124.106.205.249 #1: received and ignored informational message<br>Jan 18 17:59:08 sti-fw2 pluto[14946]: "roadwarrior-net"[2] 124.106.205.249 #1: received Delete SA payload: deleting ISAKMP State #1<br>Jan 18 17:59:08 sti-fw2 pluto[14946]: "roadwarrior-net"[2] 124.106.205.249: deleting connection "roadwarrior-net" instance with peer 124.106.205.249 {isakmp=#0/ipsec=#0}<br>Jan 18 17:59:08 sti-fw2 pluto[14946]: packet from 124.106.205.249:36866: received and ignored informational message<br><br><div style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"><font face="Tahoma"
size="2"><hr size="1"><b><span style="font-weight: bold;">From:</span></b> Paul Wouters <paul@xelerance.com><br><b><span style="font-weight: bold;">To:</span></b> Ronald <loloski@yahoo.com><br><b><span style="font-weight: bold;">Cc:</span></b> users@openswan.org<br><b><span style="font-weight: bold;">Sent:</span></b> Mon, January 18, 2010 6:51:30 AM<br><b><span style="font-weight: bold;">Subject:</span></b> Re: [Openswan Users] kernel 2.6.23 + saref + centos 5<br></font><br>
On Sun, 17 Jan 2010, Paul Wouters wrote:<br><br>>> Do i need to enable something on make menuconfig to enable saref feature?<br>> <br>> No. There is no config option for it. Note that with openswan, you must<br>> use protostack=mast and have overlapip=yes in your l2tp conn section.<br><br>Also double check your installed _updown.mast. You will see this:<br><br> # note "fwmarkmask" is an (obsolete) Openswan patch to "ip" command.<br> # note2: iproute2-2.6.22-070710 supports mask via /mask notation instead<br> # ip rule add fwmark 0x80000000 fwmarkmask 0x80000000 table 50<br> ip rule add fwmark 0x80000000/0x80000000 table 50<br> ip route add 0.0.0.0/0 dev $PLUTO_INTERFACE table 50<br><br>For the 2.6.23 version you need to use the line with "fwmarkmask". With<br>2.6.32 you need to use the line with
0x80000000/0x80000000.<br><br>Paul<br></div></div>
<!-- cg1.c1.mail.mud.yahoo.com compressed/chunked Mon Jan 18 01:41:45 PST 2010 -->
</div><br>
</body></html>