[Openswan Users] Forcing UDP Encapsulation in Tunnel Mode
Shasi Thati
shasi.thati at gmail.com
Mon Feb 23 17:22:12 EST 2009
On Tue, Feb 17, 2009 at 5:30 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Tue, 17 Feb 2009, Shasi Thati wrote:
>
Thanks for your response,
>
>
> >Can you tell us more about this? Does it accelerate via OCF? Other means?
> >And for KLIPS or NETKEY?
I am using the NETKEY interface and the Linux IPSec stack (Linux Crypto
API, not the OCF) provides me the necessary offload.
>
> >The responder side also needs a virtual_private= line
I have added the following virtual_private line to the below setup.
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
version 2.0
#config setup
config setup
        interfaces=%defaultroute
        protostack=netkey
        klipsdebug=none
        plutodebug=all
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
#Simple Host to Host Connection
conn tunnel-to-tunnel
        type=tunnel
        forceencaps=yes
        left=192.168.1.100
        leftsubnet=10.66.21.0/24
        leftrsasigkey=<right key>
        right=192.168.2.100
        rightsubnet=10.66.12.0/24
        rightrsasigkey=<left key>
        keyingtries=1
        auto=add
But in spite of that I still see the Setting NAT-Traversal port-4500
floating to off. I am not sure what is wrong, is my virtual_private entry
or anything else wrong in the config file? I am starting to think if Nat
traversal is enabled in the first place (although I have set
nat_traversal=yes in the config file). How do I make sure of that? When we
compile Openswan do we separately need to configure nat_traversal or is it
not required?
>
pluto[2253]: Starting Pluto (Openswan Version 2.5.17; Vendor ID OEztC{yJaHh[) pid:2253
pluto[2253]: Setting NAT-Traversal port-4500 floating to off
pluto[2253]: port floating activation criteria nat_t=0/port_float=1
pluto[2253]: including NAT-Traversal patch (Version 0.6c) [disabled]
Also I am using the same config file on both sides, is that okay?
>
> Thanks in advance,
> -Shasi
>
> Paul
>
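Editor's added example, not part of the original message or of Openswan: a small pre-flight check that compares an ipsec.conf against the pluto startup log when forceencaps=yes is in use. It assumes that nat_traversal defaults to "no" when absent from config setup and that nat_t=0 in the log means the option was not enabled; the function names and the trimmed sample config are constructed for illustration.

```python
# Constructed sample: trimmed from the config shape in the message above. It has
# forceencaps=yes on the conn but no nat_traversal= line under "config setup".
SAMPLE_CONF = """\
version 2.0
config setup
    interfaces=%defaultroute
    protostack=netkey
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
conn tunnel-to-tunnel
    type=tunnel
    forceencaps=yes
    auto=add
"""
# Two of the pluto log lines quoted in the message above.
SAMPLE_LOG = """\
pluto[2253]: Setting NAT-Traversal port-4500 floating to off
pluto[2253]: port floating activation criteria nat_t=0/port_float=1
"""

def parse_sections(text):
    """Return {"config setup": {...}, "conn NAME": {...}} from ipsec.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                        # skip blank lines and comments
        if not raw[0].isspace():            # an unindented line opens a section
            current = sections.setdefault(" ".join(raw.split()), {})
        elif current is not None and "=" in raw:
            key, value = raw.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def natt_findings(conf_text, log_text=""):
    """List reasons why forced UDP encapsulation cannot take effect."""
    sections = parse_sections(conf_text)
    setup = sections.get("config setup", {})
    natt_on = setup.get("nat_traversal", "no").lower() == "yes"  # assumed default: no
    findings = []
    for name, opts in sections.items():
        if name.startswith("conn ") and opts.get("forceencaps") == "yes" and not natt_on:
            findings.append(f"{name}: forceencaps=yes but nat_traversal=yes is not set in config setup")
    if "nat_t=0" in log_text:
        findings.append("pluto log reports nat_t=0 (NAT-Traversal was off at startup)")
    return findings

if __name__ == "__main__":
    for finding in natt_findings(SAMPLE_CONF, SAMPLE_LOG):
        print(finding)
```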