[Openswan Users] cannot respond to IPsec SA request
Jacco de Leeuw
jacco2 at dds.nl
Tue Mar 21 17:28:21 CET 2006
Remko Muis wrote:
> That has been taken care of:
> Mar 21 16:06:32 Marnix pluto: including NAT-Traversal patch
> (Version 0.6c)
The patch for NATed servers in transport mode has not been included in
the Mathieu Lafon's NAT-T patch or in Openswan. So that log message is
not an indication that it is included. You need to add that patch
yourself and recompile Openswan.
>> The NAT-T patch does not support this for PSKs. You may need to
>> switch to certificates.
> Ah, that fills a gap in my knowledge. But changing to
I'm not sure if this will work either. What I meant to say is that
that conn section will probably be rejected. Check out the startup
log messages of Openswan.
> I will definitely switch to certificates sometime, but for now I have to
> stick to PSKs.
Does it work when there is no NAT?
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users