[Openswan Users] verify e nat-t support
Paul Wouters
paul at xelerance.com
Wed Feb 7 08:57:27 EST 2007
On Wed, 7 Feb 2007, sasa wrote:
> Hi, I have a kernel 2.4 with patch nat-t & klips and in ipsec.conf I have:
> nat_traversal=yes
>
> ..but when run:
> #ipsec verify
>
> I don't view "KLIPS detected, Checking for NAT Traversal support", I have a
> problem with NAT Traversal support or is normal that I don't view this
> wording in "ipsec verify".
which version of openswan is that? I believe in 2.4.5 it was mistakenly
checking for nat-t while support for detecting nat-t was not in that
version of klips.
You can also see if nat-t is working by looking at the ipsec start logs.
You will see something like:
Feb 6 19:27:35 newpack ipsec__plutorun: Starting Pluto subsystem...
Feb 6 19:27:35 newpack pluto[4186]: Starting Pluto (Openswan Version 2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEz}FFFfgr_e)
Feb 6 19:27:35 newpack pluto[4186]: Setting NAT-Traversal port-4500 floating to on
Feb 6 19:27:35 newpack pluto[4186]: port floating activation criteria nat_t=1/port_fload=1
Feb 6 19:27:35 newpack pluto[4186]: including NAT-Traversal patch (Version 0.6c)
If you see [disabled] it means you didnt specify nat_traversal=yes
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list