[Openswan Users] Trying to use linux as VPN client
Paul Wouters
paul at xelerance.com
Thu Nov 20 17:53:31 EST 2008
On Thu, 20 Nov 2008, Sebastiaan van Erk wrote:
>> Can you explain "NAT-T on force"? Did you mean forceencaps= ? Or something
>> on the client?
>
> Yes, it's an option in the GTA mobile client on Windows XP. I'm guessing it
> means the same as "yes". The options are "auto", "forced", and "disabled".
> Basically the tunnel doesn't work properly (even though it gets established)
> when I disable NAT-T using the GTA mobile client. Which is logical I guess,
> since I'm behind NAT.
Ahh. okay.
> The log file does say the following:
>
> Nov 20 23:02:38 blauwoor pluto[998]: Setting NAT-Traversal port-4500 floating
> to on
> Nov 20 23:02:38 blauwoor pluto[998]: port floating activation criteria
> nat_t=1/port_float=1
> Nov 20 23:02:38 blauwoor pluto[998]: KLIPS does not have NAT-Traversal
> built in (see /proc/net/ipsec/natt)
> Nov 20 23:02:38 blauwoor pluto[998]: including NAT-Traversal patch
> (Version 0.6c)
>
> Does this mean that NAT-T is enabled after all, and I do not need to
> recompile my kernel?
Looks like you're missing NAT-T. If you have your kernel .config file
anywhere, grep it for CONFIG_IPSEC_NAT_TRAVERSAL.
Paul
More information about the Users
mailing list