[Openswan Users] klips with nat-t on a 2.4 kernel with the 26sec backport?

Nate Carlson natecars at natecarlson.com
Wed May 19 12:01:39 CEST 2004


On Tue, 18 May 2004, Michael Richardson wrote:
> Nate> Would it help if I set up a UML session for a developer which
> Nate> displays this problem?
> 
> Yes.

OK; I've set up a Debian UML session. It's running a 2.4.26 kernel with
26sec support backported, and it includes the klips ipsec.o from CVS as of
a couple days ago. It's available at:

http://www.natecarlson.com/~natecars/openswan/openswan-test-uml.tar.gz
(warning: 245mb file).

Basically, extract the tarball, change to the openswan-test-uml directory,
run start-firewall.sh as root (sets up NAT rules for the UML to be able to
reach the 'net), and run ./start.sh as your user to boot the UML session.
Assumes you have the uml_net helper available to set up the tuntap
interfaces.

After it's booted, either connect to the pts (screen /dev/pts/X, where X
is what the uml says it's bound to), or ssh to 10.0.0.1 as root. Root
password is 'root'. Configure an IPSec tunnel (if you need a host to
connect to that will trigger the problem, contact me offlist, and I can
set something up), and bring it up. NAT Traversal should give the UDP
Encaps errors.

Note that I didn't include a devel environment; should be easy to set one
up to build the openswan userland stuff (apt-get build-dep openswan,
extract sources, build); if you need the kernel sources (to rebuild
ipsec.o), let me know.

If there's anything else I can do to make it easier to troubleshoot, I'm 
all ears. :)

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------

