[Openswan Users] Openswan, NAT-T Xauth Sonicwall

Rick Knight rick_knight at rlknight.com
Tue Jun 19 15:29:51 EDT 2007


This is not on a server. It's on a notebook and a desktop PC. I'm using 
apt-get, haven't tried synaptic, but maybe I should to the kernel. 
Unless I'm missing something, the patch is downloaded to /usr/src/ but 
not applied.

Thanks,
Rick Knight

Aaron Kincer wrote:
> I just checked it to add the package in synaptic and clicked "Apply".
>
> Are you doing this on a server installation? If so, why aren't you 
> using apt-get?
>
> Rick Knight wrote:
>> Aaron,
>>
>> I have the patch and I've tried to apply it. It just won't apply for 
>> me. When I use make-kpkg --added-patches openswan --config configure, 
>> the command fails with a message about the kernel already containing 
>> the patch but when I ran make xconfig prior to make-kpkg, there were 
>> no NAT-T options. Also, the patch did succeed in adding KLIPS, but 
>> subsequent attempts to run make xconfig (or make menuconfig) fail 
>> with the error "can't open file net/ipsec/Kconfig". I've checked, 
>> that file does not exist.
>>
>> Do you recall how you applied this patch?
>>
>> Thanks,
>> Rick Knight
>>
>>
>> Aaron Kincer wrote:
>>> In that thread, "he" is me and yes, that's the patch I'm talking 
>>> about. Is there a reason you haven't applied that patch?
>>>
>>> Rick Knight wrote:
>>>> Aaron,
>>>>
>>>> I've followed that howto and I still cannot connect. The only thing 
>>>> he has that I don't is the IPSec patches applied.  I am assuming he 
>>>> means the linux-patch-openswan patches because they do patch IPSec 
>>>> to handle NAT-T. I'll wait to hear from you tomorrow about your 
>>>> kernel.
>>>>
>>>> Thanks again,
>>>> Rick Knight
>>>>
>>>> Aaron Kincer wrote:
>>>>> When I get home later, I will. For now, check out this:
>>>>>
>>>>> http://lists.openswan.org/pipermail/users/2007-March/012092.html
>>>>>
>>>>> The only thing you don't need to do is install Racoon. The rest is 
>>>>> spot on how I got it working.
>>>>>
>>>>> On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
>>>>>>
>>>>>> Aaron,
>>>>>>
>>>>>> Thanks for your reply. Xauth may be an issue, but I don't get that far.
>>>>>> When I try to connect I get through phase 1 and then I get messages like
>>>>>> these...
>>>>>>
>>>>>> Warning - VPN IKE -     Received unencrypted packet while crypto active
>>>>>> Warning - VPN IKE -     Received notify: PAYLOAD_MALFORMED
>>>>>>
>>>>>> I've spent some time with SonicWall tech support and they think the
>>>>>> problem is NAT-T related. I've read all the docs I can find on NAT-T
>>>>>> support for Ubuntu and Debian, and as far as I can tell, my kernel does
>>>>>> not have it. Do you have the full kernel installed? Can you run make
>>>>>> xconfig and check if NAT-T support is available?
>>>>>>
>>>>>> Thanks again,
>>>>>> Rick Knight
>>>>>>
>>>>>> Aaron Kincer wrote:
>>>>>> > I'm running Feisty with that version now with Sonicwall and NAT-T works
>>>>>> > fine. XAUTH, however, does not. If you are having issues, that is
>>>>>> > probably it if all other things are configured correctly.
>>>>>> >
>>>>>> > On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
>>>>>> >>
>>>>>> >> I'm still trying to connect my linux boxes to our Sonicwall VPN. I need
>>>>>> >> to use NAT-T and, as far as I can tell, the Ubuntu kernel (ver
>>>>>> >> 2.6.20-16) does not include the required NAT-T kernel patches. I have
>>>>>> >> tried to apply these patches without success for 2 days now. Has anyone
>>>>>> >> been able to get the NAT-T patches to apply to the Ubuntu (or Debian)
>>>>>> >> kernel?
>>>>>> >>
>>>>>> >> Thanks for any help,
>>>>>> >> Rick Knight