[Openswan Users] Bug 677 - NAT-T with NETKEY not working (2.6.19 kernel)
Mike Horn
lists at caddisconsulting.com
Tue Feb 13 18:21:12 EST 2007
Hi Paul,
Looks like this is completely dependent on the kernel version. I couldn't
get any of the 2.6.19 kernels to work, but the 2.6.20 kernel works just
fine. I wonder what is changing under the covers that is causing this to
break?
-mike
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Tuesday, February 13, 2007 9:06 AM
> To: Mike Horn
> Cc: Users at openswan.org
> Subject: Re: [Openswan Users] Bug 677 - NAT-T with NETKEY not working (2.6.19 kernel)
>
> On Tue, 13 Feb 2007, Mike Horn wrote:
>
> > Subject: [Openswan Users] Bug 677 - NAT-T with NETKEY not working (2.6.19 kernel)
> >
> > We are using Openswan 2.4.6 with a 2.6.19 kernel with NETKEY. We are
> > seeing the same behavior as that reported in bug 677 where there is a
> > NAT device between the two Openswan gateways. The endpoints detect
> > the NAT and set up a UDP encapsulated tunnel, but when traffic is sent
> > over the tunnel it is encrypted on the sender's side and arrives at
> > the receiver's side, but the packets are not decrypted.
>
> Unfortunately, NETKEY has no debugging facility like KLIPS.
> Are you sure that you don't have a NAT device with IPsec
> passthrough that is trying to "help" you?
>
> > It appears that there were no fixes for bug 677, the user just used a
> > different kernel (2.6.18.1). Is there some additional debugging
> > information that I can provide to try and get to the bottom of why
> > this seems to only happen with some kernels?
>
> You might want to run ipsec verify on both ends and see what it says.
>
> I haven't had the chance to run openswan on 2.6.18+ yet myself.
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>