[Openswan Users] Openswan, NAT-T Xauth Sonicwall

Rick Knight rick_knight at rlknight.com
Tue Jun 19 14:54:43 EDT 2007 

Aaron,

I've followed that howto and I still cannot connect. The only thing he 
has that I don't is the IPSec patches applied.  I am assuming he means 
the linux-patch-openswan patches because they do patch IPSec to handle 
NAT-T. I'll wait to hear from you tomorrow about your kernel.

Thanks again,
Rick Knight

Aaron Kincer wrote:
> When I get home later, I will. For now, check out this:
>
> http://lists.openswan.org/pipermail/users/2007-March/012092.html
>
> The only thing you don't need to do is install Racoon. The rest is 
> spot on
> how I got it working.
>
> On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
>>
>> Aaron,
>>
>> Thanks for your reply. Xauth may be an issue, but I don't get that far.
>> When I try to connect I get through phase 1 and then I get messages like
>> these...
>>
>> Warning - VPN IKE -     Received unencrypted packet while crypto active
>> Warning - VPN IKE -     Received notify: PAYLOAD_MALFORMED
>>
>> I've spent some time with SonicWall tech support and they think the
>> problem is NAT-T related. I've read all the docs I can find on NAT-T
>> support for Ubuntu and Debian, and as far as I can tell, my kernel does
>> not have it. Do you have the full kernel installed? Can you run make
>> xconfig and check if NAT-T support is available?
>>
>> Thanks again,
>> Rick Knight
>>
>> Aaron Kincer wrote:
>> > I'm running Feisty with that version now with Sonicwall and NAT-T 
>> works
>> > fine. XAUTH, however, does not. If you are having issues, that is
>> > probably
>> > it if all other things are configured correctly.
>> >
>> > On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
>> >>
>> >> I'm still trying to connect my linux boxes to our Sonicwall VPN. I 
>> need
>> >> to use NAT-T and, as far as I can tell, the Ubuntu kernel (ver
>> >> 2.6.20-16) does not include the required NAT-T kernel patches. I have
>> >> tried to apply these patches without success for 2 days now. Has 
>> anyone
>> >> been able to get the NAT-T patches to apply to the Ubuntu (or Debian)
>> >> kernel?
>> >>
>> >> Thanks for any help,
>> >> Rick Knight
>> >> _______________________________________________
>> >> Users at openswan.org
>> >> http://lists.openswan.org/mailman/listinfo/users
>> >> Building and Integrating Virtual Private Networks with Openswan:
>> >>
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>> >>
>>
>>

More information about the Users mailing list