[Openswan Users] verify e nat-t support

sasa sasa at shoponweb.it
Wed Feb 7 09:28:50 EST 2007 

"Paul Wouters" wrote:
> which version of openswan is that? I believe in 2.4.5 it was mistakenly
> checking for nat-t while support for detecting nat-t was not in that
> version of klips.

..sorry, I use 2.4.7

> You can also see if nat-t is working by looking at the ipsec start logs.
> You will see something like:
>
> Feb  6 19:27:35 newpack ipsec__plutorun: Starting Pluto subsystem...
> Feb  6 19:27:35 newpack pluto[4186]: Starting Pluto (Openswan Version 
> 2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID 
> OEz}FFFfgr_e)
> Feb  6 19:27:35 newpack pluto[4186]: Setting NAT-Traversal port-4500 
> floating to on
> Feb  6 19:27:35 newpack pluto[4186]:    port floating activation criteria 
> nat_t=1/port_fload=1
> Feb  6 19:27:35 newpack pluto[4186]:   including NAT-Traversal patch 
> (Version 0.6c)
>
> If you see [disabled] it means you didnt specify nat_traversal=yes

I view:

Feb  7 15:22:50 fw ipsec__plutorun: Starting Pluto subsystem...
Feb  7 15:22:50 fw pluto[2587]: Starting Pluto (Openswan Version 2.4.7 
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEZ~BaB]r\134p_)
Feb  7 15:22:51 fw pluto[2587]: Setting NAT-Traversal port-4500 floating to 
on
Feb  7 15:22:52 fw pluto[2587]:    port floating activation criteria 
nat_t=1/port_fload=1
Feb  7 15:22:52 fw pluto[2587]:   including NAT-Traversal patch (Version 
0.6c)
Feb  7 15:22:52 fw pluto[2587]: ike_alg_register_enc(): Activating 
OAKLEY_AES_CBC: Ok (ret=0)
Feb  7 15:22:52 fw pluto[2587]: no helpers will be started, all 
cryptographic operations will be done inline
Feb  7 15:22:52 fw pluto[2587]: Using KLIPS IPsec interface code on 
2.4.22-1.2199.nptl_53.rhfc1.at
Feb  7 15:22:52 fw pluto[2587]: Changing to directory '/etc/ipsec.d/cacerts'
Feb  7 15:22:52 fw pluto[2587]: Changing to directory '/etc/ipsec.d/aacerts'
Feb  7 15:22:52 fw pluto[2587]: Changing to directory 
'/etc/ipsec.d/ocspcerts'
Feb  7 15:22:52 fw pluto[2587]: Changing to directory '/etc/ipsec.d/crls'
Feb  7 15:22:52 fw pluto[2587]:   Warning: empty directory
Feb  7 15:22:52 fw pluto[2587]: added connection description "frattacis"
Feb  7 15:22:52 fw pluto[2587]: listening for IKE messages
Feb  7 15:22:52 fw pluto[2587]: adding interface ipsec0/eth0 
82.104.xxx.xxx:500
Feb  7 15:22:52 fw pluto[2587]: adding interface ipsec0/eth0 
82.104.xxx.xxx:4500
Feb  7 15:22:52 fw pluto[2587]: loading secrets from "/etc/ipsec.secrets"

..so it's all ok ??
thanks.

------
Salvatore.

More information about the Users mailing list