[Openswan Users] OpenSWAN - so dang hard to implement?! Help!

Doran Barton fozz at iodynamics.com
Mon Mar 1 11:36:13 CET 2004


Not long ago, Paul Wouters proclaimed...
> 
> > Also, if someone can tell me what I need to do, I'd be willing to build and
> > host RPMs for a variety of RH9 and FC1 kernels.
> 
> We are working on porting the build process for RPM's to our openswan 
> infrastructure. 

Good.

> Meanwhile, can you be more specific about what is going wrong?

I will provide any and all details if it will help. I'm sure you understand
that my frustration level has gotten to the point where I don't know
exactly where to start.

> Did you try and download openswan-2.0.0.tar.gz and use 'make rpm' ?

No, I didn't know about that... I gave up on trying to get 2.0.0 working
because I assumed NAT-T was not applied in 2.0.0. The reason I thought this
is because I installed the ATRPMs build of openswan 2.0.0 and when I put
"nat_traversal=yes" in ipsec.conf, I got errors:

  ipsec_setup: (/etc/ipsec.conf, line 27) unknown parameter name "nat_traversal" -- `restart' aborted

I also got errors like this:

  ipsec__plutorun: ipsec_auto: fatal error in "L2TP-CERT-orgWIN2KXP": (/etc/ipsec.conf, line 91) unknown parameter name "virtual_private"

I may be wrong, but this tells me the ATRPMs openswan 2.0.0 build doesn't
have the NAT-T code in it. Right?

So... is NAT-T really enabled by default (or enablable?) in openswan 2.0.0?
If I do a "make rpm" will I get RPMs that include NAT-T support? If so,
I'll have to kiss someone.

-- 
fozz at iodynamics.com is Doran L. Barton, president, Iodynamics LLC
Iodynamics: Linux solutions - Web development - Business connectivity
 "Do not activate with wet hands."
    -- A sign seen on an automatic restroom hand dryer


More information about the Users mailing list