RES: [Openswan Users] kernel 2.6 + openswan 2.4.5 = not NAT-T support
Domingo Antonio
domingo at netcomp.com.br
Thu Apr 13 14:18:56 CEST 2006
yes i did it, but when i run ipsec verify command...
Version check and ipsec on-path [OK]
Linux Openswan 2.4.5rc7 (klips)
Checking for IPsec support in kernel [OK]
KLIPS detected, checking for NAT Traversal support [FAILED]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
does this patch create a /proc/net/ipsec/natt directory?
in my /proc/net/ipsec/ there is no natt dir..
:(
thanks a lot!!!
-----Mensagem original-----
De: Paul Wouters [mailto:paul at xelerance.com]
Enviada em: quinta-feira, 13 de abril de 2006 13:16
Para: Domingo Antonio
Cc: Users at openswan.org
Assunto: Re: [Openswan Users] kernel 2.6 + openswan 2.4.5 = not NAT-T
support
On Thu, 13 Apr 2006, Domingo Antonio wrote:
> I have a kernel 2.6.16 and openswan 2.4.5
> I have been applied openswan-2.4.5rc7.kernel-2.6-klips.patch and
> openswan-2.4.5rc7.kernel-2.6-natt.patch, but there is no NAT-T entry
> in /proc/net/ipsec/natt... when i run ipsec verify commando i get
> FAILED in nat traversal support...
Did you run "make oldconfig" in the linux tree and answer "yes" to the new
option CONFIG_IPSEC_NAT_TRAVERSAL ?
Note that there is also a bug in the udp checksum handling when openswan is
behind NAT. See http://bugs.xelerance.com/view.php?id=601 for a workaround.
Paul
More information about the Users
mailing list