[Openswan Users] Openswan, NAT-T Xauth Sonicwall

Aaron Kincer kincera at gmail.com
Wed Jun 20 12:54:01 EDT 2007


I have the following packages installed using Synaptic Package Manager
(System -> Administration -> Synaptic Package Manager)

ipsec-tools
linux-patch-openswan
openswan

You can find those packages easily by using "ipsec" as your search term by
clicking on the Search button in Synaptic Package Manager. When you are done
selecting the packages, click the Apply button.

On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
>
> This is not on a server. It's on a notebook  and a desktop PC. I'm using
> apt-get, haven't tried synaptic, but maybe I should to the kernel.
> Unless I'm missing something, the patch is downloaded to /usr/src/ but
> not applied.
>
> Thanks,
> Rick Knight
>
> Aaron Kincer wrote:
> > I just checked it to add the package in synaptic and clicked "Apply".
> >
> > Are you doing this on a server installation? If so, why aren't you
> > using apt-get?
> >
> > Rick Knight wrote:
> >> Aaron,
> >>
> >> I have the patch and I've tried to apply it. It just won't apply for
> >> me. When I use make-kpkg --added-patches openswan --config configure,
> >> the command fails with a message about the kernel already containing
> >> the patch but when I ran make xconfig prior to make-kpkg, there were
> >> no NAT-T options. Also, the patch did succeed in adding KLIPS, but
> >> subsequent attempts to run make xconfig (or make menuconfig) fail
> >> with the error "can't open file net/ipsec/Kconfig". I've checked,
> >> that file does not exist.
> >>
> >> Do you recall how you applied this patch?
> >>
> >> Thanks,
> >> Rick Knight
> >>
> >>
> >> Aaron Kincer wrote:
> >>> In that thread, "he" is me and yes, that's the patch I'm talking
> >>> about. Is there a reason you haven't applied that patch?
> >>>
> >>> Rick Knight wrote:
> >>>> Aaron,
> >>>>
> >>>> I've followed that howto and I still cannot connect. The only thing
> >>>> he has that I don't is the IPSec patches applied.  I am assuming he
> >>>> means the linux-patch-openswan patches because they do patch IPSec
> >>>> to handle NAT-T. I'll wait to hear from you tomorrow about your
> >>>> kernel.
> >>>>
> >>>> Thanks again,
> >>>> Rick Knight
> >>>>
> >>>> Aaron Kincer wrote:
> >>>>> When I get home later, I will. For now, check out this:
> >>>>>
> >>>>> http://lists.openswan.org/pipermail/users/2007-March/012092.html
> >>>>>
> >>>>> The only thing you don't need to do is install Racoon. The rest is
> >>>>> spot on how I got it working.
> >>>>>
> >>>>> On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
> >>>>>>
> >>>>>> Aaron,
> >>>>>>
> >>>>>> Thanks for your reply. Xauth may be an issue, but I don't get that far.
> >>>>>> When I try to connect I get through phase 1 and then I get messages like
> >>>>>> these...
> >>>>>>
> >>>>>> Warning - VPN IKE -     Received unencrypted packet while crypto active
> >>>>>> Warning - VPN IKE -     Received notify: PAYLOAD_MALFORMED
> >>>>>>
> >>>>>> I've spent some time with SonicWall tech support and they think the
> >>>>>> problem is NAT-T related. I've read all the docs I can find on NAT-T
> >>>>>> support for Ubuntu and Debian, and as far as I can tell, my kernel does
> >>>>>> not have it. Do you have the full kernel installed? Can you run make
> >>>>>> xconfig and check if NAT-T support is available?
> >>>>>>
> >>>>>> Thanks again,
> >>>>>> Rick Knight
> >>>>>>
> >>>>>> Aaron Kincer wrote:
> >>>>>> > I'm running Feisty with that version now with Sonicwall and NAT-T works
> >>>>>> > fine. XAUTH, however, does not. If you are having issues, that is probably
> >>>>>> > it if all other things are configured correctly.
> >>>>>> >
> >>>>>> > On 6/19/07, Rick Knight <rick_knight at rlknight.com> wrote:
> >>>>>> >>
> >>>>>> >> I'm still trying to connect my linux boxes to our Sonicwall VPN. I need
> >>>>>> >> to use NAT-T and, as far as I can tell, the Ubuntu kernel (ver
> >>>>>> >> 2.6.20-16) does not include the required NAT-T kernel patches. I have
> >>>>>> >> tried to apply these patches without success for 2 days now. Has anyone
> >>>>>> >> been able to get the NAT-T patches to apply to the Ubuntu (or Debian)
> >>>>>> >> kernel?
> >>>>>> >>
> >>>>>> >> Thanks for any help,
> >>>>>> >> Rick Knight
> >>>>>> >> _______________________________________________
> >>>>>> >> Users at openswan.org
> >>>>>> >> http://lists.openswan.org/mailman/listinfo/users
> >>>>>> >> Building and Integrating Virtual Private Networks with Openswan:
> >>>>>> >> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155