[Openswan Users] ipsec verify on openswan 2.4.5

Rob Hasselbaum rhasselbaum at alumni.ithaca.edu
Tue Apr 25 21:23:40 CEST 2006


I am having the exact same problem with kernel 2.6.16. I applied the NAT-T
patch, ran make oldconfig and menuconfig to enable the NAT-T option, built
and booted into the new kernel, unloaded the NETKEY modules and loaded the
ipsec one. But I get the same failure in ipsec verify.



I did not apply the KLIPS patch to the kernel. As I understand it, it's only
needed if you don't want to load KLIPS as a module, right?

 

  _____  

From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Trevor Benson
Sent: Tuesday, April 25, 2006 5:48 PM
To: users at openswan.org
Subject: [Openswan Users] ipsec verify on openswan 2.4.5

 

Is it possible that the ipsec verify on a 2.6.15.10 kernel might not report
the nat traversal properly?  I have rebuilt the kernel a few times, and
verified the .config file has the CONFIG_IPSEC_NAT_TRAVERSAL=y.  But each
time I install it and reboot and run ipsec verify it just repots back:

 

KLIPS detected, checking for NAT Traversal support              [FAILED]

 

I suppose I could have messed up the build, but this is the 3rd run through
it.  And logs from the first build showed:

 

Apr 24 12:33:16 office1 pluto[5070]: | NAT-T: new mapping
64.142.7.188:500/4500)

 

Although nat_traversal=yes is set in the ipsec.conf file.  So not sure if it
would post that even if kernel support was not there.

 

 

Just want to double check before banging my head away on this kernel some
more.

 

Trevor

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060425/fb7e0274/attachment-0001.htm


More information about the Users mailing list