[Openswan Users] Re: [NAT-T] one side thinks "established",
the other...doesn't.
Ken Bantoft
ken at xelerance.com
Sun Jul 4 15:41:57 CEST 2004
On Fri, 2 Jul 2004 pw at linuxops.net wrote:
> Quoting Marcus Better <marcus+keyword+openswan.0a8cde at dactylis.com>:
>
> >
> > Ferdinand O. Tempel wrote:
> >
> > > However, looking on the other end (10.100.100.1, server), it doesn't get
> > > any further than STATE_QUICK_R1:
> >
> > It's the exact same problem I have with NAT (see
> > http://lists.openswan.org/pipermail/users/2004-June/001458.html).
> >
> > It seems that either something changed in Openswan, or in recent 2.6
> > kernels.
> >
> > I would be very interested in any solutions.
>
> Oi, indeed exactly the same problem. I must have missed your post, else a "me
> too!" would have sufficed. You're also using 2.6.6, and you have been using
> openswan-2.1.2 in both the working and non-working situations, right? So, it'd
> be safe to say that this is likely a kernel issue rather then a pluto thing.
> Does anyone on this list have NAT-T on 2.6 working, and would that someone be so
> kind to post his kernel revision, so I can try to get a working state? And maybe
> go from there with tracking down the change that breaks things. In fact, has
> anyone actually gotten NAT-T to work with 2.6/openswan *at all*? And was that
NAT working fine, 2.6.5 (FC2 kernel) as initatior, with Openswan 1.x as
respondor. Using 2.1.x, and 2.2.x tree. Even have forceencaps=yes on
for the 2.2 testing, and it works great.
> with a 2.6 initiator/responder or was 2.4 somewhere in play still? Or racoon,
> maybe? Details, I need details, so I can get this working, so I can test if my
> changes to KLIPS make NAT-T work for 2.6/KLIPS too :)
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
More information about the Users
mailing list