<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=UTF-8" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.23532">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT color=#0000ff size=2 face=Verdana>Hi Dan,</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Because I do not
ues certificates to do authentication.so I ignore it.</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Best Regards,</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Ozai</FONT></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #0000ff 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px"
dir=ltr>
<DIV style="FONT: 10pt 新細明體">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt 新細明體; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=dan.cave@me.com href="mailto:dan.cave@me.com">Dan Cave</A> </DIV>
<DIV style="FONT: 10pt 新細明體"><B>To:</B> <A title=bartsmink@gmail.com
href="mailto:bartsmink@gmail.com">Bart Smink</A> ; <A
title=ozai.tien@gmail.com href="mailto:ozai.tien@gmail.com">Ozai</A> </DIV>
<DIV style="FONT: 10pt 新細明體"><B>Cc:</B> <A title=users@lists.openswan.org
href="mailto:users@lists.openswan.org">users@lists.openswan.org</A> </DIV>
<DIV style="FONT: 10pt 新細明體"><B>Sent:</B> Friday, November 08, 2013 6:35
PM</DIV>
<DIV style="FONT: 10pt 新細明體"><B>Subject:</B> Re: [Openswan Users]
NAT-Traversal issue</DIV>
<DIV><BR></DIV>
<DIV>Um.. not sure if anyone picked up on these messages that shows issues
with certs.</DIV>
<DIV><BR></DIV>
<DIV><SPAN style="FONT-FAMILY: Verdana; COLOR: rgb(0,0,255)"
class=Apple-style-span>om entropy<BR>Nov 8 <A
href="calendar:T1:09:00:13">09:00:13</A> authpriv warn pluto[8242]: Could
not change to directory '/var/ipsec.d/cacerts': No such file or
directory<BR>Nov 8 <A
href="calendar:T1:09:00:13">09:00:13</A> authpriv warn pluto[8242]: Could
not change to directory '/var/ipsec.d/aacerts': No such file or
directory<BR>Nov 8 <A
href="calendar:T1:09:00:13">09:00:13</A> authpriv warn pluto[8242]: Could
not change to directory '/var/ipsec.d/ocspcerts': No such file or
directory<BR>Nov 8 <A
href="calendar:T1:09:00:13">09:00:13</A> authpriv warn pluto[8242]: Could
not change to directory '/var/ipsec.d/crls': 2 No such file or
directory<BR>Nov 8 <A
href="calendar:T1:09:00:13">09:00:13</A> authpriv warn pluto[8242]: added
connection description "test"<BR>Nov 8 <A
href="calendar:T1:09:00:13">09:00:13</A> daemon err ipsec__plutorun: 002
added connection description "test"<BR>Nov 8 <A
href="calendar:T1:09:00:14">09:00:14</A> authpriv warn pluto[8242]:
listening for IKE messages</SPAN></DIV>
<DIV><SPAN style="FONT-FAMILY: Verdana; COLOR: rgb(0,0,255)"
class=Apple-style-span><BR></SPAN></DIV>
<DIV><SPAN style="FONT-FAMILY: Verdana; COLOR: rgb(0,0,255)"
class=Apple-style-span>I'd start by trying to fix that?
#maybeRelevant?</SPAN></DIV>
<DIV><BR></DIV>
<DIV>
<DIV style="COLOR: #575757; FONT-SIZE: 75%">Sent from Samsung
Mobile</DIV></DIV><BR><BR>-------- Original message --------<BR>From: Bart
Smink <BARTSMINK@GMAIL.COM><BR>Date:08/11/2013 10:23 (GMT+00:00) <BR>To: Ozai
<OZAI.TIEN@GMAIL.COM><BR>Cc: users@lists.openswan.org <BR>Subject: Re:
[Openswan Users] NAT-Traversal issue <BR><BR>
<DIV dir=ltr>
<DIV>
<DIV>
<DIV>Hi Ozai,<BR><BR></DIV>It could be that the router that is in front of the
client that is trying to connect is altering the packages with
IPsec-passthrough functions. Sometimes this breaks the connection and it is
better to turn these features off. You could try to connect directly and see
if that works. On the openswan 2.6.38 computer, what kernel version do you
run? And which linux distribution? And the NAT is done by which
device?<BR><BR></DIV>Greetings,<BR><BR></DIV>Bart<BR></DIV>
<DIV class=gmail_extra><BR><BR>
<DIV class=gmail_quote>2013/11/8 Ozai <SPAN dir=ltr><<A
href="mailto:ozai.tien@gmail.com"
target=_blank>ozai.tien@gmail.com</A>></SPAN><BR>
<BLOCKQUOTE
style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote><U></U>
<DIV dir=auto bgcolor="#ffffff">
<DIV><FONT color=#0000ff face=Verdana>Dear Sirs,</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana>The messages are from server.It seem
that client did not transform the IP address.So the server can not check
antyhing.It seem the NAT traversal could not work.What kernel feature do I
need to enable?or anything else I need to check?</FONT></DIV>
<DIV class=im>
<DIV>
<DIV><FONT color=#0000ff face=Verdana>Can someone point me in the right
direction?Please help,Thank's.</FONT></DIV></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV></DIV>
<DIV><FONT color=#0000ff face=Verdana>Best Regards,</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>Ozai</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana>Nov 8 09:00:09 daemon err
ipsec_setup: Starting Openswan IPsec U2.6.38/K2.6.30...<BR>Nov 8
09:00:09 daemon err ipsec_setup: Using NETKEY(XFRM) stack<BR>Nov 8
09:00:11 authpriv err ipsec__plutorun: Starting Pluto
subsystem...<BR>Nov 8 09:00:11 user warn syslog: adjusting ipsec.d to
/var/ipsec.d<BR>Nov 8 09:00:11 daemon err ipsec__plutorun: adjusting
ipsec.d to /var/ipsec.d<BR>Nov 8 09:00:11 authpriv warn pluto[8242]:
WARNING: 1DES is enabled<BR>Nov 8 09:00:11 authpriv warn pluto[8242]:
LEAK_DETECTIVE support [disabled]<BR>Nov 8 09:00:11 authpriv warn
pluto[8242]: OCF support for IKE [disabled]<BR>Nov 8 09:00:11 authpriv
warn pluto[8242]: NSS support [disabled]<BR>Nov 8 09:00:11 authpriv
warn pluto[8242]: HAVE_STATSD notification support not compiled
in<BR>Nov 8 09:00:11 authpriv warn pluto[8242]: Setting NAT-Traversal
port-4500 floating to off<BR>Nov 8 09:00:11 authpriv warn
pluto[8242]: port floating activation criteria
nat_t=0/port_float=1<BR>Nov 8 09:00:11 authpriv warn
pluto[8242]: NAT-Traversal support
[disabled]<BR>Nov 8 09:00:11 authpriv warn pluto[8242]: using
/dev/urandom as source of random entropy<BR>Nov 8 09:00:11 daemon err
ipsec_setup: ...Openswan IPsec started<BR>Nov 8 09:00:11 authpriv warn
pluto[8242]: starting up 1 cryptographic helpers<BR>Nov 8 09:00:11
authpriv warn pluto[8242]: started helper pid=8244 (fd:6)<BR>Nov 8
09:00:11 authpriv warn pluto[8244]: using /dev/urandom as source of random
entropy<BR>Nov 8 09:00:13 authpriv warn pluto[8242]: Could not change
to directory '/var/ipsec.d/cacerts': No such file or directory<BR>Nov
8 09:00:13 authpriv warn pluto[8242]: Could not change to directory
'/var/ipsec.d/aacerts': No such file or directory<BR>Nov 8 09:00:13
authpriv warn pluto[8242]: Could not change to directory
'/var/ipsec.d/ocspcerts': No such file or directory<BR>Nov 8 09:00:13
authpriv warn pluto[8242]: Could not change to directory
'/var/ipsec.d/crls': 2 No such file or directory<BR>Nov 8 09:00:13
authpriv warn pluto[8242]: added connection description "test"<BR>Nov
8 09:00:13 daemon err ipsec__plutorun: 002 added connection description
"test"<BR>Nov 8 09:00:14 authpriv warn pluto[8242]: listening for IKE
messages<BR>Nov 8 09:00:14 authpriv warn pluto[8242]: adding interface
eth3.1/eth3.1 <A href="http://192.17.200.110:500"
target=_blank>192.17.200.110:500</A><BR>Nov 8 09:00:14 authpriv warn
pluto[8242]: adding interface br0/br0 <A href="http://192.168.12.254:500"
target=_blank>192.168.12.254:500</A><BR>Nov 8 09:00:14 authpriv warn
pluto[8242]: adding interface lo/lo <A href="http://127.0.0.1:500"
target=_blank>127.0.0.1:500</A><BR>Nov 8 09:00:14 authpriv warn
pluto[8242]: adding interface lo/lo ::1:500<BR>Nov 8 09:00:14 authpriv
warn pluto[8242]: loading secrets from "/var/ipsec.secrets"<BR>Nov 8
09:00:15 authpriv warn pluto[8242]: "test": deleting connection<BR>Nov
8 09:00:15 authpriv warn pluto[8242]: added connection description
"test"<BR>Nov 8 09:00:15 authpriv warn pluto[8242]: "test" #1:
initiating Main Mode<BR>Nov 8 09:00:15 authpriv warn pluto[8242]:
"test" #1: ERROR: asynchronous network error report on eth3.1 (sport=500)
for message to 192.17.200.79 port 500, complainant <A
href="http://192.17.200.79" target=_blank>192.17.200.79</A>: Connection
refused [errno 146, origin ICMP type 3 code 3 (not<BR>Nov 8 09:00:20
authpriv warn pluto[8242]: packet from 192.17.200:1: received Vendor ID
payload [Dead Peer Detection]<BR>Nov 8 09:00:20 authpriv warn
pluto[8242]: "test" #2: responding to Main Mode<BR>Nov 8 09:00:20
authpriv warn pluto[8242]: "test" #2: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1<BR>Nov 8 09:00:20 authpriv warn pluto[8242]:
"test" #2: STATE_MAIN_R1: sent MR1, expecting MI2<BR>Nov 8 09:00:21
authpriv warn pluto[8242]: "test" #2: transition from state STATE_MAIN_R1 to
state STATE_MAIN_R2<BR>Nov 8 09:00:21 authpriv warn pluto[8242]:
"test" #2: STATE_MAIN_R2: sent MR2, expecting MI3<BR>Nov 8 09:00:21
authpriv warn pluto[8242]: "test" #2: Main mode peer ID is ID_IPV4_ADDR:
'192.168.11.2'<BR>Nov 8 09:00:21 authpriv warn pluto[8242]: "test" #2:
no suitable connection for peer '192.168.11.2'<BR>Nov 8 09:00:21
authpriv warn pluto[8242]: "test" #2: sending encrypted notification
INVALID_ID_INFORMATION to <A href="http://192.17.200.79:1"
target=_blank>192.17.200.79:1</A><BR>Nov 8 09:00:25 authpriv warn
pluto[8242]: "test" #1: ERROR: asynchronous network error report on eth3.1
(sport=500) for message to 192.17.200.79 port 500, complainant <A
href="http://192.17.200.79" target=_blank>192.17.200.79</A>: Connection
refused [errno 146, origin ICMP type 3 code 3 (not<BR>Nov 8 09:00:31
authpriv warn pluto[8242]: "test" #2: no suitable connection for peer
'192.168.11.2'<BR>Nov 8 09:00:31 authpriv warn pluto[8242]: "test" #2:
sending encrypted notification INVALID_ID_INFORMATION to <A
href="http://192.17.200.79:1" target=_blank>192.17.200.79:1</A><BR>Nov
8 09:00:45 authpriv warn pluto[8242]: "test" #1: ERROR: asynchronous network
error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500,
complainant <A href="http://192.17.200.79" target=_blank>192.17.200.79</A>:
Connection refused [errno 146, origin ICMP type 3 code 3 (not<BR>Nov 8
09:00:51 authpriv warn pluto[8242]: "test" #2: no suitable connection for
peer '192.168.11.2'<BR>Nov 8 09:00:51 authpriv warn pluto[8242]:
"test" #2: sending encrypted notification INVALID_ID_INFORMATION to <A
href="http://192.17.200.79:1" target=_blank>192.17.200.79:1</A><BR>Nov
8 09:01:25 authpriv warn pluto[8242]: "test" #1: ERROR: asynchronous network
error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500,
complainant <A href="http://192.17.200.79" target=_blank>192.17.200.79</A>:
Connection refused [errno 146, origin ICMP type 3 code 3 (not<BR>Nov 8
09:01:31 authpriv warn pluto[8242]: packet from <A
href="http://192.17.200.79:1" target=_blank>192.17.200.79:1</A>: received
Vendor ID payload [Openswan (this version) 2.6.38 ]<BR>Nov 8 09:01:31
authpriv warn pluto[8242]: packet from <A href="http://192.17.200.79:1"
target=_blank>192.17.200.79:1</A>: received Vendor ID payload [Dead Peer
Detection]<BR>Nov 8 09:01:31 authpriv warn pluto[8242]: "test" #3:
responding to Main Mode<BR>Nov 8 09:01:31 authpriv warn pluto[8242]:
"test" #3: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1<BR>Nov 8 09:01:31 authpriv warn pluto[8242]: "test" #3:
STATE_MAIN_R1: sent MR1, expecting MI2<BR>Nov 8 09:01:31 authpriv warn
pluto[8242]: "test" #3: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2<BR>Nov 8 09:01:31 authpriv warn pluto[8242]: "test" #3:
STATE_MAIN_R2: sent MR2, expecting MI3<BR>Nov 8 09:01:31 authpriv warn
pluto[8242]: "test" #3: Main mode peer ID is ID_IPV4_ADDR:
'192.168.11.2'<BR>Nov 8 09:01:31 authpriv warn pluto[8242]: "test" #3:
no suitable connection for peer '192.168.11.2'<BR>Nov 8 09:01:31
authpriv warn pluto[8242]: "test" #3: sending encrypted notification
INVALID_ID_INFORMATION to <A href="http://192.17.200.79:1"
target=_blank>192.17.200.79:1</A><BR>Nov 8 09:01:41 authpriv warn
pluto[8242]: "test" #3: Main mode peer ID is ID_IPV4_ADDR:
'192.168.11.2'<BR>Nov 8 09:01:41 authpriv warn pluto[8242]: "test" #3:
no suitable connection for peer '192.168.11.2'<BR>Nov 8 09:01:41
authpriv warn pluto[8242]: "test" #3: sending encrypted notification
INVALID_ID_INFORMATION to <A href="http://192.17.200.79:1"
target=_blank>192.17.200.79:1</A><BR>Nov 8 09:02:01 authpriv warn
pluto[8242]: "test" #3: Main mode peer ID is ID_IPV4_ADDR:
'192.168.11.2'<BR>Nov 8 09:02:01 authpriv warn pluto[8242]: "test" #3:
no suitable connection for peer '192.168.11.2'<BR>Nov 8 09:02:01
authpriv warn pluto[8242]: "test" #3: sending encrypted notification
INVALID_ID_INFORMATION to <A href="http://192.17.200.79:1"
target=_blank>192.17.200.79:1</A><BR>Nov 8 09:02:05 authpriv warn
pluto[8242]: "test" #1: ERROR: asynchronous network error report on eth3.1
(sport=500) for message to 192.17.200.79 port 500, complainant <A
href="http://192.17.200.79" target=_blank>192.17.200.79</A>: Connection
refused [errno 146, origin ICMP type 3 code 3 (not<BR>Nov 8 09:02:41
authpriv warn pluto[8242]: packet from <A href="http://192.17.200.79:1"
target=_blank>192.17.200.79:1</A>: received Vendor ID payload [Dead Peer
Detection]<BR>Nov 8 09:02:41 authpriv warn pluto[8242]: "test" #4:
responding to Main Mode<BR>Nov 8 09:02:41 authpriv warn pluto[8242]:
"test" #4: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1<BR>Nov 8 09:02:41 authpriv warn pluto[8242]: "test" #4:
STATE_MAIN_R1: sent MR1, expecting MI2<BR>Nov 8 09:02:41 authpriv warn
pluto[8242]: "test" #3: max number of retransmissions (2) reached
STATE_MAIN_R2<BR>Nov 8 09:02:41 authpriv warn pluto[8242]: "test" #4:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<BR>Nov 8
09:02:41 authpriv warn pluto[8242]: "test" #4: STATE_MAIN_R2: sent MR2,
expecting MI3<BR>Nov 8 09:02:41 authpriv warn pluto[8242]: "test" #4:
Main mode peer ID is ID_IPV4_ADDR: '192.168.11.2'<BR>Nov 8 09:02:41
authpriv warn pluto[8242]: "test" #4: no suitable connection for peer
'192.168.11.2'<BR>Nov 8 09:02:41 authpriv warn pluto[8242]: "test" #4:
sending encrypted notification INVALID_ID_INFORMATION to <A
href="http://192.17.200.79:1" target=_blank>192.17.200.79:1</A><BR>Nov
8 09:02:45 authpriv warn pluto[8242]: "test" #1: ERROR: asynchronous network
error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500,
complainant <A href="http://192.17.200.79" target=_blank>192.17.200.79</A>:
Connection refused [errno 146, origin ICMP type 3 code 3 (not<BR>Nov 8
09:02:51 authpriv warn pluto[8242]: "test" #4: no suitable connection for
peer '192.168.11.2'<BR>Nov 8 09:02:51 authpriv warn pluto[8242]:
"test" #4: sending encrypted notification INVALID_ID_INFORMATION to <A
href="http://192.17.200.79:1" target=_blank>192.17.200.79:1</A><BR>Nov
8 09:03:11 authpriv warn pluto[8242]: "test" #4: Main mode peer ID is
ID_IPV4_ADDR: '192.168.11.2'<BR>Nov 8 09:03:11 authpriv warn
pluto[8242]: "test" #4: no suitable connection for peer
'192.168.11.2'<BR>Nov 8 09:03:11 authpriv warn pluto[8242]: "test" #4:
sending encrypted notification INVALID_ID_INFORMATION to <A
href="http://192.17.200.79:1" target=_blank>192.17.200.79:1</A><BR>Nov
8 09:03:25 authpriv warn pluto[8242]: "test" #1: max number of
retransmissions (5) reached STATE_MAIN_I1. No response (or no
acceptable response) to our first IKE message<BR>Nov 8 09:03:25
authpriv warn pluto[8242]: "test" #5: initiating Main Mode to replace
#1<BR>Nov 8 09:03:25 authpriv warn pluto[8242]: "test" #5: ERROR:
asynchronous network error report on eth3.1 (sport=500) for message to
192.17.200.79 port 500, complainant <A href="http://192.17.200.79"
target=_blank>192.17.200.79</A>: Connection refused [errno 146, origin ICMP
type 3 code 3 (not<BR>Nov 8 09:03:51 authpriv warn pluto[8242]: packet
from <A href="http://192.17.200.79:1" target=_blank>192.17.200.79:1</A>:
received Vendor ID payload [Openswan (this version) 2.6.38 ]<BR>Nov 8
09:03:51 authpriv warn pluto[8242]: packet from <A
href="http://192.17.200.79:1" target=_blank>192.17.200.79:1</A>: received
Vendor ID payload [Dead Peer Detection]<BR>Nov 8 09:03:51 authpriv
warn pluto[8242]: "test" #6: responding to Main Mode<BR>Nov 8 09:03:51
authpriv warn pluto[8242]: "test" #6: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1<BR>Nov 8 09:03:51 authpriv warn pluto[8242]:
"test" #6: STATE_MAIN_R1: sent MR1, expecting MI2<BR>Nov 8 09:03:51
authpriv warn pluto[8242]: "test" #4: max number of retransmissions (2)
reached STATE_MAIN_R2<BR>Nov 8 09:03:55 authpriv warn pluto[8242]:
"test" #5: ERROR: asynchronous network error report on eth3.1 (sport=500)
for message to 192.17.200.79 port 500, complainant <A
href="http://192.17.200.79" target=_blank>192.17.200.79</A>: Connection
refused [errno 146, origin ICMP type 3 code 3 (not<BR>Nov 8 09:04:01
authpriv warn pluto[8242]: "test" #6: STATE_MAIN_R2: sent MR2, expecting
MI3<BR>Nov 8 09:04:01 authpriv warn pluto[8242]: "test" #6: Main mode
peer ID is ID_IPV4_ADDR: '192.168.11.2'<BR>Nov 8 09:04:01 authpriv
warn pluto[8242]: "test" #6: no suitable connection for peer
'192.168.11.2'<BR>Nov 8 09:04:01 authpriv warn pluto[8242]: "test" #6:
sending encrypted notification INVALID_ID_INFORMATION to <A
href="http://192.17.200.79:1" target=_blank>192.17.200.79:1</A></FONT></DIV>
<DIV>
<DIV class=h5>
<BLOCKQUOTE
style="BORDER-LEFT: #0000ff 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px"
dir=ltr>
<DIV style="FONT: 10pt 新細明體">----- Original Message ----- </DIV>
<DIV style="FONT: 10pt 新細明體; BACKGROUND: #e4e4e4"><B>From:</B> <A
title=ozai.tien@gmail.com href="mailto:ozai.tien@gmail.com"
target=_blank>Ozai</A> </DIV>
<DIV style="FONT: 10pt 新細明體"><B>To:</B> <A title=users@lists.openswan.org
href="mailto:users@lists.openswan.org"
target=_blank>users@lists.openswan.org</A> </DIV>
<DIV style="FONT: 10pt 新細明體"><B>Sent:</B> Tuesday, November 05, 2013 6:17
PM</DIV>
<DIV style="FONT: 10pt 新細明體"><B>Subject:</B> NAT-Traversal issue</DIV>
<DIV><BR></DIV>
<DIV><FONT color=#0000ff face=Verdana>Hi Sirs,</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana>I setup a openswan VPN
client behind the NAT.The test environment is as below.</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>It did not work.The traffic did not
seem to pass to server.</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>I got a message like "NAT-Traversal:
ESPINUDP(1) not supported by kernel for family IPv4".</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>It seem the NAT Traversal
issue.</FONT><FONT color=#0000ff face=Verdana>What kernel feature do I
need to enable?or anything else I need to check?</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana>Can someone point me in the
right direction?Please help,Thank's.</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana> 2.6.38
client--------------------NAT------------------ 2.6.38 Server</FONT></DIV>
<DIV><FONT color=#0000ff
face=Verdana>192.168.15.x 192.168.11.x
192.17.200.x
192.168.12.x</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana>Nov 5 10:01:11 daemon err
ipsec_setup: Starting Openswan IPsec U2.6.38/K2.6.30...<BR>Nov 5
10:01:11 daemon err ipsec_setup: Using NETKEY(XFRM) stack<BR>Nov 5
10:01:13 authpriv err ipsec__plutorun: Starting Pluto
subsystem...<BR>Nov 5 10:01:13 user warn syslog: adjusting ipsec.d
to /var/ipsec.d<BR>Nov 5 10:01:13 authpriv warn pluto[11706]:
WARNING: 1DES is enabled<BR>Nov 5 10:01:13 authpriv warn
pluto[11706]: LEAK_DETECTIVE support [disabled]<BR>Nov 5 10:01:13
authpriv warn pluto[11706]: OCF support for IKE [disabled]<BR>Nov 5
10:01:13 authpriv warn pluto[11706]: NSS support [disabled]<BR>Nov 5
10:01:13 authpriv warn pluto[11706]: HAVE_STATSD notification support not
compiled in<BR>Nov 5 10:01:13 authpriv warn pluto[11706]: Setting
NAT-Traversal port-4500 floating to on<BR>Nov 5 10:01:13 authpriv
warn pluto[11706]: port floating activation criteria
nat_t=1/port_float=1<BR>Nov 5 10:01:13 authpriv warn
pluto[11706]: NAT-Traversal support
[enabled]<BR>Nov 5 10:01:13 authpriv warn pluto[11706]: using
/dev/urandom as source of random entropy<BR>Nov 5 10:01:13 daemon
err ipsec__plutorun: adjusting ipsec.d to /var/ipsec.d<BR>Nov 5
10:01:13 authpriv warn pluto[11706]: starting up 1 cryptographic
helpers<BR>Nov 5 10:01:13 authpriv warn pluto[11711]: using
/dev/urandom as source of random entropy<BR>Nov 5 10:01:13 authpriv
warn pluto[11706]: started helper pid=11711 (fd:6)<BR>Nov 5 10:01:13
daemon err ipsec_setup: ...Openswan IPsec started<BR>Nov 5 10:01:15
authpriv warn pluto[11706]: Could not change to directory
'/var/ipsec.d/cacerts': No such file or directory<BR>Nov 5 10:01:15
authpriv warn pluto[11706]: Could not change to directory
'/var/ipsec.d/aacerts': No such file or directory<BR>Nov 5 10:01:15
authpriv warn pluto[11706]: Could not change to directory
'/var/ipsec.d/ocspcerts': No such file or directory<BR>Nov 5
10:01:15 authpriv warn pluto[11706]: Could not change to directory
'/var/ipsec.d/crls': 2 No such file or directory<BR>Nov 5 10:01:15
authpriv warn pluto[11706]: added connection description
"test"<BR>Nov 5 10:01:15 daemon err ipsec__plutorun: 002 added
connection description "test"<BR>Nov 5 10:01:15 authpriv warn
pluto[11706]: listening for IKE messages<BR>Nov 5 10:01:15 authpriv
warn pluto[11706]: NAT-Traversal: ESPINUDP(1) not supported by kernel for
family IPv4<BR>Nov 5 10:01:15 authpriv warn pluto[11706]: adding
interface eth0.1/eth0.1 <A href="http://192.168.11.2:500"
target=_blank>192.168.11.2:500</A><BR>Nov 5 10:01:15 daemon err
ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) not supported by kernel
for family IPv4<BR>Nov 5 10:01:15 authpriv warn pluto[11706]:
NAT-Traversal: ESPINUDP(2) not supported by kernel for family
IPv4<BR>Nov 5 10:01:15 authpriv warn pluto[11706]: NAT-Traversal
port floating turned off<BR>Nov 5 10:01:15 daemon err
ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(2) not supported by kernel
for family IPv4<BR>Nov 5 10:01:15 authpriv warn pluto[11706]:
NAT-Traversal is turned OFF due to lack of KERNEL support:
0/0<BR>Nov 5 10:01:15 authpriv warn pluto[11706]: adding interface
eth0.1/eth0.1 <A href="http://192.168.11.2:4500"
target=_blank>192.168.11.2:4500</A><BR>Nov 5 10:01:15 authpriv warn
pluto[11706]: adding interface br0/br0 <A href="http://192.168.15.254:500"
target=_blank>192.168.15.254:500</A><BR>Nov 5 10:01:15 authpriv warn
pluto[11706]: adding interface lo/lo <A href="http://127.0.0.1:500"
target=_blank>127.0.0.1:500</A><BR>Nov 5 10:01:15 authpriv warn
pluto[11706]: adding interface lo/lo ::1:500<BR>Nov 5 10:01:15
authpriv warn pluto[11706]: loading secrets from
"/var/ipsec.secrets"<BR>Nov 5 10:01:17 authpriv warn pluto[11706]:
"test": deleting connection<BR>Nov 5 10:01:17 authpriv warn
pluto[11706]: added connection description "test"<BR>Nov 5 10:01:18
authpriv warn pluto[11706]: "test" #1: initiating Main Mode<BR>Nov 5
10:01:18 authpriv warn pluto[11706]: "test" #1: received Vendor ID payload
[Openswan (this version) 2.6.38 ]<BR>Nov 5 10:01:18 authpriv warn
pluto[11706]: "test" #1: received Vendor ID payload [Dead Peer
Detection]<BR>Nov 5 10:01:18 authpriv warn pluto[11706]: "test" #1:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<BR>Nov 5
10:01:18 authpriv warn pluto[11706]: "test" #1: STATE_MAIN_I2: sent MI2,
expecting MR2<BR>Nov 5 10:01:18 authpriv warn pluto[11706]: "test"
#1: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<BR>Nov 5 10:01:18 authpriv warn pluto[11706]: "test"
#1: STATE_MAIN_I3: sent MI3, expecting MR3<BR>Nov 5 10:01:18
authpriv warn pluto[11706]: "test" #1: ignoring informational payload,
type INVALID_ID_INFORMATION msgid=00000000<BR>Nov 5 10:01:18
authpriv warn pluto[11706]: "test" #1: received and ignored informational
message</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><BR>config
setup<BR>
nat_traversal=yes<BR>
keep_alive=60<BR>
oe=off<BR>
protostack=netkey<BR>
interfaces=%defaultroute</DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff face=Verdana>conn
test<BR>
left=192.168.11.2<BR>
leftsubnet=<A href="http://192.168.15.0/24"
target=_blank>192.168.15.0/24</A><BR>
rightsubnet=<A href="http://192.168.12.0/24"
target=_blank>192.168.12.0/24</A><BR>
connaddrfamily=ipv4<BR>
right=192.17.200.110<BR>
ike=3des-md5;modp1024!<BR>
ikelifetime=480m<BR>
type=tunnel<BR>
salifetime=60m<BR>
phase2alg=3des-hmac_md5!<BR>
pfs=no<BR>
phase2=esp<BR>
keyexchange=ike<BR>
authby=secret<BR>
auto=add</FONT></DIV>
<DIV><FONT color=#0000ff face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff face=Verdana>Best Regards,</FONT></DIV>
<DIV><FONT color=#0000ff
face=Verdana>Ozai</FONT></DIV></BLOCKQUOTE></DIV></DIV></DIV><BR>_______________________________________________<BR><A
href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</A><BR><A
href="https://lists.openswan.org/mailman/listinfo/users"
target=_blank>https://lists.openswan.org/mailman/listinfo/users</A><BR>Micropayments:
<A href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy"
target=_blank>https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</A><BR>Building
and Integrating Virtual Private Networks with Openswan:<BR><A
href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155"
target=_blank>http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</A><BR><BR></BLOCKQUOTE></DIV><BR><BR
clear=all><BR>-- <BR><SPAN
style="BORDER-COLLAPSE: collapse; FONT-FAMILY: Calibri,sans-serif; FONT-SIZE: 14px">****
DISCLAIMER ****<BR><BR>"This e-mail and any attachment thereto may contain
information which is confidential and/or protected by intellectual property
rights and are intended for the sole use of the recipient(s) named
above. <BR>Any use of the information contained herein (including, but
not limited to, total or partial reproduction, communication or distribution
in any form) by other persons than the designated recipient(s) is
prohibited. <BR>If you have received this e-mail in error, please notify
the sender either by telephone or by e-mail and delete the material from any
computer".<BR><BR>Thank you for your cooperation.</SPAN>
</DIV></BLOCKQUOTE></BODY></HTML>