[Openswan Users] L2TP/IPSEC response unencrypted (was openswan-2.6.24rc1 NATed MacOS Kernel crash)

David McCullough David_Mccullough at securecomputing.com
Mon Oct 26 21:25:17 EDT 2009


Jivin Giovani Moda lays it down ...
> > Anyway,  feedback appreciated :-)
> 
> Feedbacking: it works! :-) Windows XP SP2 connected behind NAT on Ubuntu 8.04, kernel 2.6.24-24-generic and openswan-2.6.4rc1 with KLIPS module and David's patches. No kernel crashes and no unencrypted server responses. Awesome work David!

So my current concern with the last patch is that it may break netkey.
We can always turn on the behaviour IIF we are using klips,  but I guess
it's best to wait and see.

I would also like to see multiple OSX behind a single NAT working,  but
that's another discussion ;-)

> There are still some issues with CentOS 5.3 (intermittently crashing while loading/removing ipsec.ko)

Hmm, do you get an oops ?  If so it can't hurt to post them,  might help
figure it out.  Which kernel version is CentOS ?

> and Ubuntu 9.04 (crashing while connecting using NAT-T), but, altogether, it's looking good. I'll validate those patches on Fedora 7 to 11 and post the results later.

I tend to run Linus kernels, beats me what could cause problems with Ubuntu
and NAT-T, but again, an oops may help.

Cheers,
Davidm

-- 
David McCullough,  david_mccullough at securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.com                http://www.uCdot.org

