[Openswan Users] ipsec verify

Giovani Moda - MR Informática giovani at mrinformatica.com.br
Thu Dec 15 21:20:26 CET 2005

Hey folks,

I believe I found something that needs a tweak. I'm using openswan-2.4.5dr3, 
and when I run ipsec verify, I get:

Version check and ipsec on-path                                 [OK]
Linux Openswan 2.4.5dr3 (klips)
Checking for IPsec support in kernel                            [OK]
KLIPS detected, checking for NAT Traversal support              [FAILED]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]

It complains about no NAT-T support. But I know for a fact that NAT-T is 
avaliable and working, as my log shows:

Dec 15 21:10:33 inet pluto[18928]: "inet-XP"[3] #3: 
NAT-Traversal: R
esult using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed

Dec 15 21:10:33 inet pluto[18928]: "inet-XP"[4] #4: 
IPsec SA established {ESP=>0xdf84fe94 <0x6a492700 xfrm=3DES_0-HMAC_MD5 
168.1.3:4500 DPD=none}

I believe openswan-2.4.5dr3 'ipsec verify' can't detect the NAT-T support 
correctly. It's more a cosmetic fault, but it could cause a lot of 


More information about the Users mailing list