[Openswan Users] Re: Help with WinXP behind NAT as client
Paul Wouters
paul at xelerance.com
Wed Mar 24 19:33:57 CET 2004
On Wed, 24 Mar 2004, Leonard Tulipan wrote:
> config setup
> interfaces=%defaultroute
> klipsdebug=none
> plutodebug=none
> uniqueids=yes
I don't see a line nat_traversal=yes
> Now with freeswan I still saw packaged arriving at the fw. with openswan I only get (in /var/log/secure):
>
> Mar 24 16:18:41 firewall ipsec__plutorun: Restarting Pluto subsystem...
> Mar 24 16:18:41 firewall pluto[16161]: Starting Pluto (Openswan Version 2.1.1 X.509-1.4.8 PLUTO_USES_KEYRR)
> Mar 24 16:18:41 firewall pluto[16161]: including NAT-Traversal patch (Version 0.6c) [disabled]
> Mar 24 16:18:41 firewall pluto[16161]: Using KLIPS IPsec interface code
> Mar 24 16:18:41 firewall pluto[16161]: Changing to directory '/etc/ipsec.d/cacerts'
> Mar 24 16:18:41 firewall pluto[16161]: loaded cacert file 'cacert.pem' (1180 bytes)
> Mar 24 16:18:41 firewall pluto[16161]: Changing to directory '/etc/ipsec.d/crls'
> Mar 24 16:18:41 firewall pluto[16161]: loaded crl file 'crl.pem' (633 bytes)
>
> So can anybody help me out of this one?
You might be experiencing the "crl.pem" bug. Try removing the crl.pem file and see
if it starts correctly then. We are currently tracing the memory problem with the
crl.pem parser.
Paul
More information about the Users
mailing list