[Openswan Users] crash with NAT-T

marcos at v2r.com.br marcos at v2r.com.br
Wed Feb 23 00:38:18 CET 2005


Hello,

I use openswan-2.2.1 on two Linux machines with kernel 2.4.49.
At first, I didn't use a NAT-T patch, and everything worked fine.

But now I need to mount a VPN with a NATed XP.

I patched the kernel (with a manual fuzz in sock.h), installed, rebooted and...
it gives some errors...

Feb 22 23:43:55 FWE ipsec__plutorun: Starting Pluto subsystem...
Feb 22 23:43:56 FWE pluto[402]: Starting Pluto (Openswan Version 2.2.1 X.509-1.5.4 PLUTO_USES_KEYRR)
Feb 22 23:43:56 FWE pluto[402]:   including NAT-Traversal patch (Version 0.6c)
Feb 22 23:43:56 FWE pluto[402]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Feb 22 23:43:56 FWE pluto[402]: Using KLIPS IPsec interface code
Feb 22 23:43:56 FWE pluto[402]: ERROR: pfkey write() of SADB_REGISTER message 1 for AH  failed. Errno 93: Protocol not supported
Feb 22 23:43:56 FWE pluto[402]: |   02 07 00 02  02 00 00 00  01 00 00 00  92 01 00 00
Feb 22 23:43:56 FWE pluto[402]: no KLIPS support for AH
Feb 22 23:43:56 FWE pluto[402]: ERROR: pfkey write() of SADB_REGISTER message 2 for ESP  failed. Errno 93: Protocol not supported
Feb 22 23:43:56 FWE pluto[402]: |   02 07 00 03  02 00 00 00  02 00 00 00  92 01 00 00
Feb 22 23:43:56 FWE pluto[402]: no KLIPS support for ESP
Feb 22 23:43:56 FWE pluto[402]: ERROR: pfkey write() of SADB_REGISTER message 3 for IPCOMP  failed. Errno 93: Protocol not supported
Feb 22 23:43:56 FWE pluto[402]: |   02 07 00 0a  02 00 00 00  03 00 00 00  92 01 00 00
Feb 22 23:43:56 FWE pluto[402]: no KLIPS support for IPCOMP
Feb 22 23:43:56 FWE pluto[402]: ERROR: pfkey write() of SADB_REGISTER message 4 for IPIP  failed. Errno 93: Protocol not supported
Feb 22 23:43:56 FWE pluto[402]: |   02 07 00 09  02 00 00 00  04 00 00 00  92 01 00 00
Feb 22 23:43:56 FWE pluto[402]: no KLIPS support for IPIP
Feb 22 23:43:56 FWE pluto[402]: Changing to directory '/etc/ipsec.d/cacerts'
Feb 22 23:43:56 FWE pluto[402]:   loaded CA cert file 'xxxx-ca.pem' (1237 bytes)
Feb 22 23:43:56 FWE pluto[402]:   loaded CA cert file 'xxxxca-cert.pem' (1233 bytes)
Feb 22 23:43:56 FWE pluto[402]: Could not change to directory '/etc/ipsec.d/aacerts'
Feb 22 23:43:56 FWE pluto[402]: Changing to directory '/etc/ipsec.d/ocspcerts'
Feb 22 23:43:56 FWE pluto[402]: Changing to directory '/etc/ipsec.d/crls'
Feb 22 23:43:56 FWE pluto[402]:   Warning: empty directory
Feb 22 23:43:56 FWE pluto[402]: listening for IKE messages
Feb 22 23:43:56 FWE pluto[402]: adding interface ipsec0/eth0 200.x.x.x
Feb 22 23:43:56 FWE pluto[402]: adding interface ipsec0/eth0 200.236.149.1:4500
Feb 22 23:43:56 FWE pluto[402]: loading secrets from "/etc/ipsec.secrets"
Feb 22 23:43:56 FWE pluto[402]:   loaded private key file '/etc/ipsec.d/private/FWE31-5A58.ipsec.key' (1708 bytes)


Then I tried to restart ipsec and I lost control... The machine hangs!!
And that is a remote machine... maybe in 8 hours I can reboot it (manual
power reset).

One thing: I did not recompile openswan after patching the kernel with NAT-T.

Any ideas?

TIA,
Marcos Tadeu



