[Openswan Users] klips with nat-t on a 2.4 kernel with the 26sec
backport?
Nate Carlson
natecars at natecarlson.com
Wed May 19 12:01:39 CEST 2004
On Tue, 18 May 2004, Michael Richardson wrote:
> Nate> Would it help if I set up a UML session for a developer which
> Nate> displays this problem?
>
> Yes.
OK; I've set up a Debian UML session. It's running a 2.4.26 kernel with
26sec support backported, and it includes the klips ipsec.o from CVS as of
a couple days ago. It's available at:
http://www.natecarlson.com/~natecars/openswan/openswan-test-uml.tar.gz
(warning: 245mb file).
Basically, extract the tarball, change to the openswan-test-uml directory,
run start-firewall.sh as root (sets up NAT rules for the UML to be able to
reach the 'net), and run ./start.sh as your user to boot the UML sesssion.
Assumes you have the uml_net helper available to set up the tuntap
interfaces.
After it's booted, either connect to the pts (screen /dev/pts/X, where X
is what the uml says it's bound to), or ssh to 10.0.0.1 as root. Root
password is 'root'. Configure a IPSec tunnel (if you need a host to
connect to that will trigger the problem, contact me offlist, and I can
set something up), and bring it up. NAT Traversal should give the UDP
Encaps errors.
Note that I didn't include a devel environment; should be easy to set one
up to build the openswan userland stuff (apt-get build-dep openswan,
extract sources, build); if you need the kernel sources (to rebuild
ipsec.o), let me know.
If there's anything else I can do to make it easier to troubleshoot, I'm
all ears. :)
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
More information about the Users
mailing list