[Openswan Users]

Greg Scott GregScott at InfraSupportEtc.com
Sat Jul 22 22:55:47 CEST 2006

Comparing an ipsec.conf from a known good working tunnel config using
2.4.27 and KLIPS, versus my problem tunnel with fc5 and and
netkey, the only real difference I see is nat_traversal=yes.  Even
though I am not doing any NAT-T, I commented that line out, but no
change in behavior.  I don't specify type=tunnel - but this is supposed
to be default behavior.  Could there be some new default behavior that
sends packets in the clear now, unless some policy says otherwise?  I
noticed a bunch of template .conf files in /etc/ipsec.d with some conn
definitions in no_oe.conf refering to essentially blank files in
/etc/ipsec.d/policies.  Paul's Openswan book says these are for OE - and
I'm not doing OE so they shouldn't be relevant.  But still....

Another thought - what if I built this kernel wrong?   But if I built
the kernel wrong, I would not see those SA established messages in
/var/log/secure, right?  Still, I will try this later on with the
original fc5 kernel and see if any change in behavior.  

- Greg

More information about the Users mailing list