Fwd: Re: [Openswan Users] Cannot ping hosts behind OpenSWAN host

[Paul Wouters]

On Thu, 23 Feb 2006, Jason Martin wrote:

> I did assume that, and I've compiled a new 2.6.15.4 kernel with the NAT-T
> patch. A strange thing though, with the patch and KLIPS, ipsec verify still
> says that KLIPS is detected, but NAT Traversal support failed.

That is not entirely strange. If you are using a version of klips that is
older then the userland, then the userland might not be able to detect the
nat capability.

> Also, if I use netkey, I can get the windows client to reply to two pings
> after a "Negotiating IP Security" message, but then all pings afterwards time
> out.

Seems like the connection is torn down again for some reason. This should be
in the logs on either the openswan machine, or more likely, the Windows machine.
For Windows logs, you need to enable the OAKLEY.LOG logging.

Paul
--