[Openswan Users]
Greg Scott
GregScott at InfraSupportEtc.com
Sat Jul 22 22:55:47 CEST 2006
Comparing an ipsec.conf from a known good working tunnel config using
2.4.27 and KLIPS, versus my problem tunnel with fc5 and 2.6.17.2 and
netkey, the only real difference I see is nat_traversal=yes. Even
though I am not doing any NAT-T, I commented that line out, but no
change in behavior. I don't specify type=tunnel - but this is supposed
to be default behavior. Could there be some new default behavior that
sends packets in the clear now, unless some policy says otherwise? I
noticed a bunch of template .conf files in /etc/ipsec.d with some conn
definitions in no_oe.conf referring to essentially blank files in
/etc/ipsec.d/policies. Paul's Openswan book says these are for OE - and
I'm not doing OE so they shouldn't be relevant. But still....

Another thought - what if I built this kernel wrong? But if I built
the kernel wrong, I would not see those SA established messages in
/var/log/secure, right? Still, I will try this later on with the
original fc5 kernel and see if any change in behavior.
- Greg