[Openswan Users] Bug 677 - NAT-T with NETKEY not working (2.6.19 kernel)
Paul Wouters
paul at xelerance.com
Tue Feb 13 11:06:15 EST 2007
On Tue, 13 Feb 2007, Mike Horn wrote:
> Subject: [Openswan Users] Bug 677 - NAT-T with NETKEY not working (2.6.19
> kernel)
>
> We are using Openswan 2.4.6 with a 2.6.19 kernel with NETKEY. We are seeing
> the same behavior as that reported in bug 677 where there is a NAT device
> between the two Openswan gateways. The endpoints detect the NAT and set up a
> UDP encapsulated tunnel, but when traffic is sent over the tunnel it is
> encrypted on the sender's side and arrives at the receiver's side, but the
> packets are not decrypted.
Unfortunately, NETKEY has no debugging facility like KLIPS. Are you sure that
you don't have a NAT device with IPsec passthrough that is trying to "help"
you?
> It appears that there were no fixes for bug 677, the user just used a
> different kernel (2.6.18.1). Is there some additional debugging information
> that I can provide to try and get to the bottom of why this seems to only
> happen with some kernels?
You might want to run ipsec verify on both ends and see what it says.
I haven't had the chance to run openswan on 2.6.18+ yet myself.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155