[Openswan Users] Forcing UDP Encapsulation in Tunnel Mode

Shasi Thati shasi.thati at gmail.com
Mon Feb 23 17:22:12 EST 2009

On Tue, Feb 17, 2009 at 5:30 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Tue, 17 Feb 2009, Shasi Thati wrote:
Thanks for your response,

> >Can you tell us more about this? Does it accelerate via OCF? Other means?
> >And for KLIPS or NETKEY?

I am using the NETKEY interface, and the Linux IPSec stack (Linux Crypto
API, not the OCF) provides me the necessary offload.

>  >The responder side also needs a virtual_private= line

I have added the following virtual_private line to the below setup.
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

version 2.0
#config setup
   config setup


>  virtual_private=%v4:,%v4:,%v4:

> #Simple Host to Host Connection
> conn tunnel-to-tunnel
>   type=tunnel
>   forceencaps=yes
>   left=
>   leftsubnet=
>   leftrsasigkey=<right key>
>   right=
>   rightsubnet=
>   rightrsasigkey=<left key>
>   keyingtries=1
>   auto=add
But in spite of that I still see the Setting NAT-Traversal port-4500
floating to off. I am not sure what is wrong; is my virtual_private entry
or anything else wrong in the config file? I am starting to wonder if NAT
traversal is enabled in the first place (although I have set
nat_traversal=yes in the config file). How do I make sure of that? When we
compile Openswan, do we separately need to configure nat_traversal or is it
not required?

pluto[2253]: Starting Pluto (Openswan Version 2.5.17; Vendor ID OEztC{yJaHh[) pid:2253
pluto[2253]: Setting NAT-Traversal port-4500 floating to off
pluto[2253]: port floating activation criteria nat_t=0/port_float=1
pluto[2253]: including NAT-Traversal patch (Version 0.6c) [disabled]

Also, I am using the same config file on both sides; is that okay?

> Thanks in advance,
> -Shasi
> Paul
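
One way to check the "is NAT traversal enabled in the first place" question raised above, as an added example that is not part of the original message or of Openswan: it reads the pluto startup lines quoted in the message and compares them with the `config setup` section of an ipsec.conf. The config samples are constructed, the function names are hypothetical, and it assumes that `nat_t=0` reflects pluto's nat_traversal setting and that section headers start in column 0 as described in ipsec.conf(5).

```python
import re

# Pluto startup lines copied from the message above.
PLUTO_LOG = """\
pluto[2253]: Setting NAT-Traversal port-4500 floating to off
pluto[2253]: port floating activation criteria nat_t=0/port_float=1
pluto[2253]: including NAT-Traversal patch (Version 0.6c) [disabled]
"""

# Constructed ipsec.conf samples (not the poster's file). Assumption, following
# ipsec.conf(5): section headers start in column 0, parameters are indented.
CONF_IN_SETUP = "config setup\n\tnat_traversal=yes\n\nconn t\n\tforceencaps=yes\n"
CONF_IN_CONN = "config setup\n\tinterfaces=%defaultroute\n\nconn t\n\tnat_traversal=yes\n"

def natt_from_log(text):
    """Return what pluto reported about NAT-T at startup (None if a line is absent)."""
    crit = re.search(r"nat_t=(\d)/port_float=(\d)", text)
    floating = re.search(r"port-4500 floating to (on|off)", text)
    patch = re.search(r"NAT-Traversal patch \([^)]*\)(?: \[(disabled)\])?", text)
    return {
        "nat_t": int(crit.group(1)) if crit else None,
        "port_float": int(crit.group(2)) if crit else None,
        "floating": floating.group(1) if floating else None,
        "patch_disabled": bool(patch and patch.group(1)),
    }

def setup_options(conf):
    """Collect key=value pairs that sit under a column-0 'config setup' header."""
    opts, in_setup = {}, False
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # simplification: blank lines and comments are skipped
        if not line[0].isspace():  # column 0 starts a new section
            in_setup = line.split() == ["config", "setup"]
        elif in_setup and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def natt_findings(conf, log):
    """Compare the configured nat_traversal value with what pluto logged."""
    wanted = setup_options(conf).get("nat_traversal")
    seen = natt_from_log(log)["nat_t"]
    if wanted != "yes":
        return "nat_traversal=yes not found inside a 'config setup' section"
    if seen == 0:
        return "config asks for NAT-T but pluto logged nat_t=0: check which file pluto read"
    return "NAT-T enabled" if seen == 1 else "no NAT-T startup line in log"
```
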