[Openswan Users] Openswan/xl2tpd issue with nated roadwarriors

Paul Wouters paul at xelerance.com
Sat Jun 20 15:15:38 EDT 2009


On Sat, 20 Jun 2009, Sebastian Gomez Velasco wrote:

> I'm gonna use openswan 2.4.14. I found this files in http://www.openswan.org/code/
>  *  openswan-2.4.x.kernel-2.6.23-natt.patch (SIG)
>  *  openswan-2.4.14.tar.gz (SIG)
> 
> Do I need to install openswan-2.4.x.kernel-2.6.23-natt.patch ?? If so, how??

No, you are using netkey, so you do not need any patches. just the tar ball
to run 'make programs install'.

Paul

> > Date: Sat, 20 Jun 2009 14:11:32 -0400
> > From: paul at xelerance.com
> > To: blass_sgv at hotmail.com
> > CC: users at openswan.org
> > Subject: RE: [Openswan Users] Openswan/xl2tpd issue with nated roadwarriors
> >
> > On Sat, 20 Jun 2009, Sebastian Gomez Velasco wrote:
> >
> > > Hi Paul, thanks for the reply.
> > >
> > > About bug #1004, I'm not getting this error:  "cannot respond to IPsec SA request because no connection is known for......."
> > > like said in https://gsoc.xelerance.com/issues/1004
> >
> > That part was fixed, but the policies are still not entirely correct on openswan 2.6.x. Please use 2.4.14.
> >
> > > I tried with transport mode, but I got the same messages, except in /var/log/secure, where IPSec SA changed from "tunnel" to
> > > "transport"
> >
> > That's how it is supposed to be.
> >
> > You can see the policy is wrong using "ip xfrm pol" and "ip xfrm state". You'll notice that port 1701 is no
> > where to be found in the policy anymore on openswan 2.6.x.
> >
> > Paul
> 
> _______________________________________________________________________________________________________________________________________
> Explore the seven wonders of the world Learn more!
>


More information about the Users mailing list