[Openswan Users] crash with NAT-T
marcos at v2r.com.br
Wed Feb 23 00:38:18 CET 2005
Hello,
I use openswan-2.2.1 on two Linux machines with kernel 2.4.49.
At first, I didn't use the NAT-T patch, and everything worked fine.
But now I need to set up a VPN with a NATed XP machine.
I patched the kernel (with a manual fuzz in sock.h), installed, rebooted and...
it gives some errors...
Feb 22 23:43:55 FWE ipsec__plutorun: Starting Pluto subsystem...
Feb 22 23:43:56 FWE pluto[402]: Starting Pluto (Openswan Version 2.2.1
X.509-1.5.4 PLUTO_USES_KEYRR)
Feb 22 23:43:56 FWE pluto[402]: including NAT-Traversal patch (Version
0.6c)
Feb 22 23:43:56 FWE pluto[402]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Feb 22 23:43:56 FWE pluto[402]: Using KLIPS IPsec interface code
Feb 22 23:43:56 FWE pluto[402]: ERROR: pfkey write() of SADB_REGISTER
message 1 for AH failed. Errno 93: Protocol not supported
Feb 22 23:43:56 FWE pluto[402]: | 02 07 00 02 02 00 00 00 01 00 00 00
92 01 00 00
Feb 22 23:43:56 FWE pluto[402]: no KLIPS support for AH
Feb 22 23:43:56 FWE pluto[402]: ERROR: pfkey write() of SADB_REGISTER
message 2 for ESP failed. Errno 93: Protocol not supported
Feb 22 23:43:56 FWE pluto[402]: | 02 07 00 03 02 00 00 00 02 00 00 00
92 01 00 00
Feb 22 23:43:56 FWE pluto[402]: no KLIPS support for ESP
Feb 22 23:43:56 FWE pluto[402]: ERROR: pfkey write() of SADB_REGISTER
message 3 for IPCOMP failed. Errno 93: Protocol not supported
Feb 22 23:43:56 FWE pluto[402]: | 02 07 00 0a 02 00 00 00 03 00 00 00
92 01 00 00
Feb 22 23:43:56 FWE pluto[402]: no KLIPS support for IPCOMP
Feb 22 23:43:56 FWE pluto[402]: ERROR: pfkey write() of SADB_REGISTER
message 4 for IPIP failed. Errno 93: Protocol not supported
Feb 22 23:43:56 FWE pluto[402]: | 02 07 00 09 02 00 00 00 04 00 00 00
92 01 00 00
Feb 22 23:43:56 FWE pluto[402]: no KLIPS support for IPIP
Feb 22 23:43:56 FWE pluto[402]: Changing to directory '/etc/ipsec.d/cacerts'
Feb 22 23:43:56 FWE pluto[402]: loaded CA cert file 'xxxx-ca.pem' (1237
bytes)
Feb 22 23:43:56 FWE pluto[402]: loaded CA cert file 'xxxxca-cert.pem'
(1233 bytes)
Feb 22 23:43:56 FWE pluto[402]: Could not change to directory
'/etc/ipsec.d/aacerts'
Feb 22 23:43:56 FWE pluto[402]: Changing to directory
'/etc/ipsec.d/ocspcerts'
Feb 22 23:43:56 FWE pluto[402]: Changing to directory '/etc/ipsec.d/crls'
Feb 22 23:43:56 FWE pluto[402]: Warning: empty directory
Feb 22 23:43:56 FWE pluto[402]: listening for IKE messages
Feb 22 23:43:56 FWE pluto[402]: adding interface ipsec0/eth0 200.x.x.x
Feb 22 23:43:56 FWE pluto[402]: adding interface ipsec0/eth0
200.236.149.1:4500
Feb 22 23:43:56 FWE pluto[402]: loading secrets from "/etc/ipsec.secrets"
Feb 22 23:43:56 FWE pluto[402]: loaded private key file
'/etc/ipsec.d/private/FWE31-5A58.ipsec.key' (1708 bytes)
Then I tried to restart ipsec and I lost control... The machine hangs!!
So, that is a remote machine... maybe in 8 hours I can reboot it (manual
power reset).
One thing: I did not recompile openswan after patching the kernel with nat-t.
Any ideas?
TIA,
Marcos Tadeu