[Openswan Users] Openswan, NAT-T Xauth Sonicwall

Aaron Kincer kincera at gmail.com
Tue Jun 19 15:01:15 EDT 2007


In that thread, "he" is me and yes, that's the patch I'm talking about. 
Is there a reason you haven't applied that patch?

Rick Knight wrote:
> Aaron,
>
> I've followed that howto and I still cannot connect. The only thing he 
> has that I don't is the IPSec patches applied.  I am assuming he means 
> the linux-patch-openswan patches because they do patch IPSec to handle 
> NAT-T. I'll wait to hear from you tomorrow about your kernel.
>
> Thanks again,
> Rick Knight
>
> Aaron Kincer wrote:
>> When I get home later, I will. For now, check out this:
>>
>> http://lists.openswan.org/pipermail/users/2007-March/012092.html
>>
>> The only thing you don't need to do is install Racoon. The rest is 
>> spot on
>> how I got it working.
>>
>> On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
>>>
>>> Aaron,
>>>
>>> Thanks for your reply. Xauth may be an issue, but I don't get that far.
>>> When I try to connect I get through phase 1 and then I get messages 
>>> like
>>> these...
>>>
>>> Warning - VPN IKE -     Received unencrypted packet while crypto active
>>> Warning - VPN IKE -     Received notify: PAYLOAD_MALFORMED
>>>
>>> I've spent some time with SonicWall tech support and they think the
>>> problem is NAT-T related. I've read all the docs I can find on NAT-T
>>> support for Ubuntu and Debian, and as far as I can tell, my kernel does
>>> not have it. Do you have the full kernel installed? Can you run make
>>> xconfig and check if NAT-T support is available?
>>>
>>> Thanks again,
>>> Rick Knight
>>>
>>> Aaron Kincer wrote:
>>> > I'm running Feisty with that version now with Sonicwall and NAT-T 
>>> works
>>> > fine. XAUTH, however, does not. If you are having issues, that is
>>> > probably
>>> > it if all other things are configured correctly.
>>> >
>>> > On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
>>> >>
>>> >> I'm still trying to connect my linux boxes to our Sonicwall VPN. 
>>> I need
>>> >> to use NAT-T and, as far as I can tell, the Ubuntu kernel (ver
>>> >> 2.6.20-16) does not include the required NAT-T kernel patches. I 
>>> have
>>> >> tried to apply these patches without success for 2 days now. Has 
>>> anyone
>>> >> been able to get the NAT-T patches to apply to the Ubuntu (or 
>>> Debian)
>>> >> kernel?
>>> >>
>>> >> Thanks for any help,
>>> >> Rick Knight
>>> >> _______________________________________________
>>> >> Users at openswan.org
>>> >> http://lists.openswan.org/mailman/listinfo/users
>>> >> Building and Integrating Virtual Private Networks with Openswan:
>>> >>
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155 
>>>
>>> >>
>>>
>>>
>
>



More information about the Users mailing list