[Openswan Users] NAT Traversal

Werner Otto werner.otto at thecloud.net
Wed Mar 30 18:23:15 CEST 2005


I forgot to mention my ipsec.conf settings:

 

config setup
        myid=194.42.124.12
        interfaces=ipsec0=eth0
        forwardcontrol=yes
        syslog=daemon.error
        klipsdebug="eroute spi esp"
        plutodebug="crypt control lifecycle klips"
        plutoopts="--perpeerlog --interface eth0"
        dumpdir=/home/wotto/
        pluto=yes
        plutowait=no
        fragicmp=yes
        hidetos=yes
        uniqueids=yes
        overridemtu=1440
        nat_traversal=yes

Connection profile

conn SeBH0-to-localnet
        type=tunnel
        left=194.42.124.12
        leftsubnet=0.0.0.0/0
        leftnexthop=194.42.124.1
        right=%any
        rightsubnet=10.31.128.64/26
        keyexchange=ike
        auto=add
        auth=esp
        authby=secret
        rightid=@cloud.net
        dpddelay=660
        dpdtimeout=900
        dpdaction=clear
        pfs=yes
        keylife=60m
        rekey=yes
        rekeymargin=5m
        rekeyfuzz=100%
        keyingtries=1
        ikelifetime=480m
        compress=yes
        disablearrivalcheck=no
        failureshunt=drop

________________________________

From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Werner Otto
Sent: 30 March 2005 17:21
To: users at openswan.org
Subject: [Openswan Users] NAT Traversal

 

Hi All,

I am posting my first issue regarding Openswan 2.2.0. I installed it on
Fedora Core 3 with a 2.6.9 kernel. I am getting messages regarding
draft-ietf-ipsec-nat-t-ike-03 and draft-ietf-ipsec-nat-t-ike-02_n; these
messages relate to negotiating NAT-Traversal in IKE.

I am trying to get ESP packets from a Cisco SOHO 91 situated at
corporate A behind a Nokia Checkpoint Firewall to my VPN server as
listed above.

When doing a packet trace on the public IP:

17:16:50.481456 IP 80.168.199.87 > 194.42.124.12: ESP(spi=0x21fba68e,seq=0x5f2)
17:16:50.481618 IP 194.42.124.12 > 80.168.199.87: ESP(spi=0xb86821fc,seq=0x63d)

I am getting ESP packets instead of UDP-encapsulated ones.

My question:

How do I enable UDP encapsulation on my server?

Regards

Werner
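
An added example, not part of the original post or of Openswan: a small Python check that reads `tcpdump -n` text like the trace above and reports, per direction, whether the traffic is native ESP (IP protocol 50) or NAT-T traffic on UDP port 4500. It relies on the `UDP-encap:` and `NONESP-encap:` labels tcpdump prints for port-4500 traffic; the last two sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# First two records: the trace from the post, wrapped as the archive shows it.
# Last two: constructed lines showing what NAT-T traffic looks like.
SAMPLE = """\
17:16:50.481456 IP 80.168.199.87 > 194.42.124.12:
ESP(spi=0x21fba68e,seq=0x5f2)
17:16:50.481618 IP 194.42.124.12 > 80.168.199.87:
ESP(spi=0xb86821fc,seq=0x63d)
17:20:01.000001 IP 192.0.2.10.4500 > 198.51.100.1.4500: UDP-encap: ESP(spi=0x0a0b0c0d,seq=0x1), length 116
17:20:01.000002 IP 192.0.2.10.4500 > 198.51.100.1.4500: NONESP-encap: isakmp: phase 2/others I inf[E]
"""

TS = re.compile(r"\d{2}:\d{2}:\d{2}\.\d+ ")
PKT = re.compile(r"\S+ IP (\d+(?:\.\d+){3})(?:\.(\d+))? > "
                 r"(\d+(?:\.\d+){3})(?:\.(\d+))?: (.*)")

def records(text):
    """Rejoin wrapped lines so each timestamp starts one record."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if TS.match(line) or (line and not out):
            out.append(line)
        elif line:
            out[-1] += " " + line
    return out

def classify(record):
    """Return ((src, dst), mode) for an IPv4 record, or None if unparsable."""
    m = PKT.match(record)
    if not m:
        return None
    src, sport, dst, _dport, rest = m.groups()
    mode = "other"
    if rest.startswith("UDP-encap: ESP("):
        mode = "esp-in-udp"          # NAT-T data path, UDP port 4500
    elif rest.startswith("NONESP-encap:"):
        mode = "ike-on-4500"         # IKE after the NAT-T port float
    elif rest.startswith("ESP(") and sport is None:
        mode = "native-esp"          # IP protocol 50, no UDP wrapper
    return (src, dst), mode

def summarize(text):
    """Count encapsulation modes per (src, dst) direction."""
    seen = defaultdict(Counter)
    for hit in filter(None, map(classify, records(text))):
        seen[hit[0]][hit[1]] += 1
    return {flow: dict(counts) for flow, counts in seen.items()}
```

Calling `summarize()` on a capture taken on the public interface shows at a glance which peers are still exchanging native ESP.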
