[Openswan Users] ipsec verify
Giovani Moda - MR Informática
giovani at mrinformatica.com.br
Thu Dec 15 21:20:26 CET 2005
Hey folks,
I believe I found something that needs a tweak. I'm using openswan-2.4.5dr3,
and when I run ipsec verify, I get:
Version check and ipsec on-path [OK]
Linux Openswan 2.4.5dr3 (klips)
Checking for IPsec support in kernel [OK]
KLIPS detected, checking for NAT Traversal support [FAILED]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
It complains about no NAT-T support. But I know for a fact that NAT-T is
available and working, as my log shows:
Dec 15 21:10:33 inet pluto[18928]: "inet-XP"[3] 192.168.1.3 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Dec 15 21:10:33 inet pluto[18928]: "inet-XP"[4] 192.168.1.3 #4: STATE_QUICK_R2: IPsec SA established {ESP=>0xdf84fe94 <0x6a492700 xfrm=3DES_0-HMAC_MD5 NATD=192.168.1.3:4500 DPD=none}
I believe openswan-2.4.5dr3 'ipsec verify' can't detect the NAT-T support
correctly. It's more a cosmetic fault, but it could cause a lot of
confusion.
Giovani