[Openswan Users] NAT-T Help
petermcgill at goco.net
Fri Dec 1 12:48:58 EST 2006
On Nov 29, 2006, Paul Wouters wrote:
> On Tue, 28 Nov 2006, Peter McGill wrote:
> > I'm running Openswan 2.4.6 on Kernel 2.4.31.
> > I have 7+ offices linked using Openswan (without NAT-T).
> > They work great.
> > I added a L2TP/IPSec server connection to our main one
> (without NAT-T).
> > Again it works fine.
> > I wanted to add NAT-T support to that server so that
> employee's can access from home networks.
> > I enabled NAT-T in ipsec.conf.
> > config setup
> > nat_traversal=yes
> > .26.36.204/32,%v4:!172.17.1.152/32,%v4:!192.168.51.31/32
> > conn remote-client-to-london-office-server
> > rightsubnet=vhost:%no,%priv
> > I patched the kernel with the NAT-T patch.
> > cd /usr/src/linux-2.4.31; patch -p1 <
> > (Enabled NAT-T in config, recompiled, installed the new
> kernel and rebooted).
> > Everything appeared to go alright.
> > NAT-T support appears to be compiled in, as I don't see
> this in the log anymore.
> > Nov 28 15:52:13 sheridan pluto: NAT-Traversal:
> ESPINUDP(1) not supported by kernel for family IPv4
> > But now all my old office to office connections don't work.
> > They all get stuck on Main I1, initiating the connection
> (initiated from either end.)
> > But I don't see any error messages explaining what's wrong.
> > I checked my firewall logs (both ends) and it doesn't
> appear to be dropping anything.
> > Any suggestions?
> that should not happen. It seems there is a conflict in the
> > I don't need to compile NAT-T on all the servers do I?
> > That would be a real chore to synchronize.
> Can you give us an 'ipsec barf' when in that bad state?
I attached the barf output.
ipsec barf > natt_barf.txt 2>&1
I looked it over before sending this, but didn't see anything
That stood out to me. Thanks for looking into this.
Should I try upgrading to Openswan 2.4.7, does it work alright
With 2.4.x kernels, I read somewhere that there might be a problem,
Otherwise I would have upgraded before asking for help?
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the Users