[Openswan Users] Openswan, NAT-T Xauth Sonicwall

Rick Knight rick_knight at rlknight.com
Tue Jun 19 15:32:24 EDT 2007


Make that Adept, not apt-get.

Rick Knight

Rick Knight wrote:
> This is not on a server. It's on a notebook and a desktop PC. I'm using 
> apt-get, haven't tried synaptic, but maybe I should to the kernel. 
> Unless I'm missing something, the patch is downloaded to /usr/src/ but 
> not applied.
>
> Thanks,
> Rick Knight
>
> Aaron Kincer wrote:
>   
>> I just checked it to add the package in synaptic and clicked "Apply".
>>
>> Are you doing this on a server installation? If so, why aren't you 
>> using apt-get?
>>
>> Rick Knight wrote:
>>     
>>> Aaron,
>>>
>>> I have the patch and I've tried to apply it. It just won't apply for 
>>> me. When I use make-kpkg --added-patches openswan --config configure, 
>>> the command fails with a message about the kernel already containing 
>>> the patch but when I ran make xconfig prior to make-kpkg, there were 
>>> no NAT-T options. Also, the patch did succeed in adding KLIPS, but 
>>> subsequent attempts to run make xconfig (or make menuconfig) fail 
>>> with the error "can't open file net/ipsec/Kconfig". I've checked, 
>>> that file does not exist.
>>>
>>> Do you recall how you applied this patch?
>>>
>>> Thanks,
>>> Rick Knight
>>>
>>>
>>> Aaron Kincer wrote:
>>>       
>>>> In that thread, "he" is me and yes, that's the patch I'm talking 
>>>> about. Is there a reason you haven't applied that patch?
>>>>
>>>> Rick Knight wrote:
>>>>         
>>>>> Aaron,
>>>>>
>>>>> I've followed that howto and I still cannot connect. The only thing 
>>>>> he has that I don't is the IPSec patches applied.  I am assuming he 
>>>>> means the linux-patch-openswan patches because they do patch IPSec 
>>>>> to handle NAT-T. I'll wait to hear from you tomorrow about your 
>>>>> kernel.
>>>>>
>>>>> Thanks again,
>>>>> Rick Knight
>>>>>
>>>>> Aaron Kincer wrote:
>>>>>           
>>>>>> When I get home later, I will. For now, check out this:
>>>>>>
>>>>>> http://lists.openswan.org/pipermail/users/2007-March/012092.html
>>>>>>
>>>>>> The only thing you don't need to do is install Racoon. The rest is
>>>>>> spot on how I got it working.
>>>>>>
>>>>>> On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
>>>>>>             
>>>>>>> Aaron,
>>>>>>>
>>>>>>> Thanks for your reply. Xauth may be an issue, but I don't get that far.
>>>>>>> When I try to connect I get through phase 1 and then I get messages
>>>>>>> like these...
>>>>>>>
>>>>>>> Warning - VPN IKE -     Received unencrypted packet while crypto active
>>>>>>> Warning - VPN IKE -     Received notify: PAYLOAD_MALFORMED
>>>>>>>
>>>>>>> I've spent some time with SonicWall tech support and they think the
>>>>>>> problem is NAT-T related. I've read all the docs I can find on NAT-T
>>>>>>> support for Ubuntu and Debian, and as far as I can tell, my kernel does
>>>>>>> not have it. Do you have the full kernel installed? Can you run make
>>>>>>> xconfig and check if NAT-T support is available?
>>>>>>>
>>>>>>> Thanks again,
>>>>>>> Rick Knight
>>>>>>>
>>>>>>> Aaron Kincer wrote:
>>>>>>>               
>>>>>>>> I'm running Feisty with that version now with Sonicwall and NAT-T
>>>>>>>> works fine. XAUTH, however, does not. If you are having issues, that
>>>>>>>> is probably it if all other things are configured correctly.
>>>>>>>>
>>>>>>>> On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
>>>>>>>>> I'm still trying to connect my Linux boxes to our Sonicwall VPN. I
>>>>>>>>> need to use NAT-T and, as far as I can tell, the Ubuntu kernel (ver
>>>>>>>>> 2.6.20-16) does not include the required NAT-T kernel patches. I have
>>>>>>>>> tried to apply these patches without success for 2 days now. Has
>>>>>>>>> anyone been able to get the NAT-T patches to apply to the Ubuntu (or
>>>>>>>>> Debian) kernel?
>>>>>>>>>
>>>>>>>>> Thanks for any help,
>>>>>>>>> Rick Knight
>>>>>>>>> _______________________________________________
>>>>>>>>> Users at openswan.org
>>>>>>>>> http://lists.openswan.org/mailman/listinfo/users
>>>>>>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>>>>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>   
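
The half-patched state described in the thread (KLIPS added, `make xconfig` failing on a missing `net/ipsec/Kconfig`, no NAT-T option visible) can be checked directly in the source tree. The following script is an added example, not code from any poster or from the Openswan project; the function names are hypothetical, and the symbol name `CONFIG_IPSEC_NAT_TRAVERSAL` is an assumption about what the NAT-T patch defines, since it does not appear in the thread.

```shell
#!/bin/sh
# Added example: diagnose a kernel tree whose Openswan patch may be half applied.
# NATT_SYMBOL is an assumed name for the NAT-T option; adjust if your patch differs.
NATT_SYMBOL="CONFIG_IPSEC_NAT_TRAVERSAL"

# Print each file that net/Kconfig sources but that does not exist on disk.
# A hit here is what makes "make xconfig" / "make menuconfig" abort.
missing_kconfig_sources() {
    tree="$1"
    [ -f "$tree/net/Kconfig" ] || return 0
    sed -n 's/^[[:space:]]*source[[:space:]]*"\([^"]*\)".*/\1/p' "$tree/net/Kconfig" |
    while IFS= read -r rel; do
        [ -f "$tree/$rel" ] || printf '%s\n' "$rel"
    done
}

# Report how the NAT-T symbol appears in a kernel .config:
#   y      = enabled
#   off    = known to Kconfig but disabled
#   absent = never mentioned (option not defined, i.e. patch not in effect)
natt_state() {
    cfg="$1"
    [ -f "$cfg" ] || { echo "absent"; return 0; }
    if grep -q "^${NATT_SYMBOL}=y" "$cfg"; then
        echo "y"
    elif grep -q "^# ${NATT_SYMBOL} is not set" "$cfg"; then
        echo "off"
    else
        echo "absent"
    fi
}

# Summarise one tree: a broken Kconfig reference takes priority, because the
# configuration tools cannot run at all until it is resolved.
check_tree() {
    tree="$1"
    missing=$(missing_kconfig_sources "$tree")
    if [ -n "$missing" ]; then
        echo "broken-kconfig: $missing"
    else
        echo "natt=$(natt_state "$tree/.config")"
    fi
}

# Usage: sh check_natt.sh /usr/src/linux
if [ -n "${1:-}" ]; then check_tree "$1"; fi
```

A result of `natt=absent` on a tree whose Kconfig files are intact matches the symptom of seeing no NAT-T options in `make xconfig`.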


