[Openswan Users] dns via IPSEC tunnel
aurfalien at gmail.com
Wed Dec 8 16:46:30 EST 2010
On Dec 7, 2010, at 10:29 PM, Paul Wouters wrote:
> On Tue, 7 Dec 2010, aurfalien at gmail.com wrote:
>
>> I finally got Openswan 2.14 to work with Centos 5.5
>
> That's not a valid version number. Did you mean 2.4.14 ?
yes, typo.
>> openswan 2.6.x works fine on centos 5.5
How did you deal with the following error;
ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
ipsec__plutorun: 002 added connection description "vinz"
ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new
style NAT-T family IPv4 (errno=19)
ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T
And just sits there.
While ipsec is still started, I do ipsec verify and get;
Version check and ipsec on-path OK
Linux Openswan U2.6.26/K2.6.18-194.11.1.el5 OK
Checking for IPsec support in kernel OK
SAref kernel support N/A
NETKEY detected, testing for disabled ICMP send_redirects FAILED
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects FAILED
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking that pluto is running OK
Pluto listening for IKE on udp 500 OK
Pluto listening for NAT-T on udp 4500 OK
two or more interfaces found, checking for IP forwarding OK
Checking NAT and MASQUERADING N/A
Checking for 'ip' command OK
Checking for 'iptables' command OK
Opportunistic Encryption Support DISABLED
Any nuggets are GREATLY appreciated.
PS I do have ICMP send and accept redirects set as 0 in my sysctl.conf
file for all interfaces and for both IPv4/6 so I'm unsure why ipsec
verify says it's not.
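
The `ipsec verify` output above points at the runtime values under /proc/sys/net/ipv4/conf/*/, which can differ from what sysctl.conf lists. As an added example (not part of the original message or of Openswan), this shell function lists every interface whose send_redirects or accept_redirects is not 0 at runtime and notes whether the given sysctl.conf sets that key to 0; the function name and output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare runtime ICMP redirect settings with sysctl.conf.
# redirects_report is a hypothetical helper name, not an Openswan command.

# redirects_report [conf_root] [sysctl_conf]
# Prints "<iface> <key>=<runtime value> sysctl.conf=<0|unset>" for every
# per-interface redirect setting whose runtime value is not 0.
# Returns 1 if any such setting was found, 0 otherwise.
redirects_report() {
    root=${1:-/proc/sys/net/ipv4/conf}
    conf=${2:-/etc/sysctl.conf}
    found=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for key in send_redirects accept_redirects; do
            file="${dir}${key}"
            [ -r "$file" ] || continue
            val=$(cat "$file")
            [ "$val" = "0" ] && continue
            # Does sysctl.conf carry an explicit "= 0" line for this interface and key?
            pattern="^[[:space:]]*net\.ipv4\.conf\.${iface}\.${key}[[:space:]]*=[[:space:]]*0[[:space:]]*$"
            if grep -Eq "$pattern" "$conf" 2>/dev/null; then
                state=0
            else
                state=unset
            fi
            printf '%s %s=%s sysctl.conf=%s\n' "$iface" "$key" "$val" "$state"
            found=1
        done
    done
    return "$found"
}

# Run against the live system only when asked: sh script.sh check
if [ "${1:-}" = "check" ]; then
    redirects_report && echo "all redirect settings are 0"
fi
```

A line ending in `sysctl.conf=0` means the file has the setting but the running kernel does not, so the file has not been applied to that interface; `sysctl.conf=unset` means the file has no line for that interface at all.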