<div dir="ltr"><br>Hello Sir,<br><br>Please help me on openswan in ubuntu.<br><br>I have upgrade the openswan to Openswan U2.6.30 version . But in this when I am tring to ipsec verify its howing<br><br><span style="color: rgb(0, 0, 102);">root@heta-VirtualBox:/usr/local# sbin/ipsec verify</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Checking your system to see if IPsec got installed and started correctly:</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Version check and ipsec on-path [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Linux Openswan U2.6.30/K2.6.35-22-generic (netkey)</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Checking for IPsec support in kernel [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">SAref kernel support [N/A]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">NETKEY detected, testing for disabled ICMP send_redirects [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">NETKEY detected, testing for disabled ICMP accept_redirects [OK]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Checking that pluto is running [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Pluto listening for IKE on udp 500 [OK]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Pluto listening for NAT-T on udp 4500 [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Checking for 'ip' command [OK]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">Checking for 'iptables' command [OK]</span><br style="color: rgb(0, 0, 102);">
<span style="color: rgb(0, 0, 102);">Opportunistic Encryption Support [DISABLED]</span><br style="color: rgb(0, 0, 102);"><span style="color: rgb(0, 0, 102);">root@heta-VirtualBox:/usr/local# </span><br>
<br><br>Mean of that ipsec is not supported to kernel so<font size="4"><b> how to compile kernel for IPSEC Please help me</b></font>.<br><br><br><div class="gmail_quote">On Thu, Jun 2, 2011 at 1:40 PM, heta shah <span dir="ltr"><<a href="mailto:heta45@gmail.com">heta45@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div dir="ltr"><div>Hello Sir,</div><div><br></div><div>Please help me regarding IPSEC with L2TP. I have configure OPENSWAN with L2TP . when I am tring to connect to server from NATed site it showing this error on server side.</div>
<div>My server is Ubuntu 9.10 server edition with kernel 2.6.28-11-server</div><div><br></div><div><font color="#000099"><br></font></div><div><font color="#000099"><br></font></div>
<div><font color="#000099"><br></font></div><div><font color="#000099">Jun 2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #14: peer client type is FQDN</font></div>
<div><font color="#000099">Jun 2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #14: Applying workaround for MS-818043 NAT-T bug</font></div><div><font color="#000099">Jun 2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #14: IDci was FQDN: t\307\251-, using NAT_OA=<a href="http://192.168.1.35/32" target="_blank">192.168.1.35/32</a> as IDci</font></div>
<div><font color="#000099">Jun 2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #14: the peer proposed: <a href="http://116.199.169.45/32:17/1701" target="_blank">116.199.169.45/32:17/1701</a> -> <a href="http://192.168.1.35/32:17/0" target="_blank">192.168.1.35/32:17/0</a></font></div>
<div><font color="#000099">Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #15: responding to Quick Mode proposal {msgid:314343e9}</font></div><div><font color="#000099">Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #15: us: 116.199.169.45<116.199.169.45>[+S=C]:17/1701</font></div>
<div><font color="#000099">Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #15: them: 117.196.10.91[@<a href="http://2k3test.enjay.com" target="_blank">2k3test.enjay.com</a>,+S=C]:17/1701===?</font></div>
<div><font color="#000099">Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #15: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1</font></div><div><font color="#000099">Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #15: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2</font></div>
<div><font color="#000099">Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #15: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2</font></div><div><font color="#000099">Jun 2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91 #15: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x8b28bcad <0xa93368e1 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.1.35 NATD=<a href="http://117.196.10.91:4500" target="_blank">117.196.10.91:4500</a> DPD=none}</font></div>
<div><div><font color="#000099">Jun 2 13:34:36 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16] 117.196.10.91 #18: received Delete SA(0x8b9e0884) payload: deleting IPSEC State #19</font></div>
<div><font color="#000099">Jun 2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16] 117.196.10.91 #18: received and ignored informational message</font></div><div><font color="#000099">Jun 2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16] 117.196.10.91 #18: received Delete SA payload: deleting ISAKMP State #18</font></div>
<div><font color="#000099">Jun 2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16] <a href="http://117.196.10.91" target="_blank">117.196.10.91</a>: deleting connection "L2TP-PSK-NAT" instance with peer 117.196.10.91 {isakmp=#0/ipsec=#0}</font></div>
<div><font color="#000099">Jun 2 13:34:37 cloud-enjay pluto[2638]: packet from <a href="http://117.196.10.91:4500" target="_blank">117.196.10.91:4500</a>: received and ignored informational message</font></div></div>
<div><br></div><div><br></div>when I am starting the XL2TP service it gives this error.<div><br><div><div><font color="#000099">Jun 2 13:37:01 cloud-enjay xl2tpd[24455]: setsockopt recvref[22]: Protocol not available </font></div>
<div><font color="#000099">Jun 2 13:37:01 cloud-enjay xl2tpd[24455]: This binary does not support kernel L2TP. </font></div><div><font color="#000099">Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: xl2tpd version xl2tpd-1.2.4 started on cloud-enjay PID:24456 </font></div>
<div><font color="#000099">Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. </font></div><div><font color="#000099">Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: Forked by Scott Balmos and David Stipp, (C) 2001 </font></div>
<div><font color="#000099">Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: Inherited by Jeff McAdams, (C) 2002 </font></div><div><font color="#000099">Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: Forked again by Xelerance (<a href="http://www.xelerance.com" target="_blank">www.xelerance.com</a>) (C) 2006 </font></div>
<div><font color="#000099">Jun 2 13:37:01 cloud-enjay xl2tpd[24456]: Listening on IP address 0.0.0.0, port 1701 </font></div></div><div><br></div><div>Please help me If anyone knows about it.<br>
-- <br>Thanks and Regards.<br><br>Heta Shah<br>91-9662505876<br><br><br><br>
</div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br>Thanks and Regards.<br><br>Heta Shah<br>91-9662505876<br><br><br><br>
</div>