[Openswan Users] Connection against a Lucent FW success!!!! but may be there's still room for improvement
Paul Wouters
paul at xelerance.com
Sun Sep 28 11:00:06 EDT 2008
On Sun, 28 Sep 2008, Rolando Zappacosta wrote:
> > try: forceencaps=yes
>
> even though I added
> "nat_traversal=yes" to "config setup"
> and
> "forceencaps=yes" to my "conn Intranet"
> nothing goes out of my PC under UDP (neither ISAKMP nor ESP).
Not sure what that means. If no UDP goes out, you did not start
the connection. IPsec always starts with IKE on udp port 500 and
depending on the nat-t standard/drafts used stays on udp port 500
or switches to udp port 4500, which may or may not get rewritten
by an upstream NAT device to appear to come from a "random high port".
> Do I have to care about anything else or any special kernel option?
The bootup logs of openswan tell you if nat-t is supported, enabled
and whether port-floating is enabled. If those are all enabled your
end is good to go.
Check firewall rules and NAT rules for interference.
Paul
>
>
>
>
>
>
>
>
More information about the Users
mailing list