[Openswan Users] dns via IPSEC tunnel
Paul Wouters
paul at xelerance.com
Wed Dec 8 17:50:23 EST 2010
On Wed, 8 Dec 2010, aurfalien at gmail.com wrote:
>>> openswan 2.6.x works fine on centos 5.5
>
> How did you deal with the following error;
>
> ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
> ipsec__plutorun: 002 added connection description "vinz"
> ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
> ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style
> NAT-T family IPv4 (errno=19)
> ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T
>
> And just sits there.

That might just be the end of logging in /var/log/messages. Logs of pluto
itself go into /var/log/secure or /var/log/auth*

> While ipsec is still started, I do ipsec verify and get;
>
> Version check and ipsec on-path
> OK
> Linux Openswan U2.6.26/K2.6.18-194.11.1.el5
> OK
> Checking for IPsec support in kernel
> OK
> SAref kernel support
> N/A
> NETKEY detected, testing for disabled ICMP send_redirects
> FAILED
>
> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
> or NETKEY will cause the sending of bogus ICMP redirects!
>
> NETKEY detected, testing for disabled ICMP accept_redirects
> FAILED
>
> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
> or NETKEY will accept bogus ICMP redirects!

You should fix these. Examples are in the doc directory (sysctl.conf).

I'm not sure I understand what your problem is?

Paul
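
The two FAILED checks in the `ipsec verify` output above can be reproduced per interface with the following added example, which is not part of the original message or of Openswan. The function name `redirect_audit` and the `CONF_ROOT` override are hypothetical; the emitted lines use the standard `net.ipv4.conf.<interface>.<knob>` sysctl key form.

```shell
#!/bin/sh
# Added example: audit the ICMP redirect knobs that `ipsec verify` flags on
# NETKEY systems. CONF_ROOT is a hypothetical override so the check can be
# pointed at a copy of the tree instead of the live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Prints one sysctl.conf-style line ("<key> = 0") for every interface knob
# that is still enabled. Returns 0 if all are disabled, 1 otherwise.
redirect_audit() {
    root="${1:-$CONF_ROOT}"
    rc=0
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        ifname=$(basename "$dir")
        # sysctl keys use '/' where an interface name contains '.',
        # e.g. VLAN interface eth0.100 becomes eth0/100.
        key=$(printf '%s' "$ifname" | tr . /)
        for knob in send_redirects accept_redirects; do
            file="$dir/$knob"
            [ -r "$file" ] || continue
            val=$(cat "$file")
            if [ "$val" != "0" ]; then
                echo "net.ipv4.conf.$key.$knob = 0"
                rc=1
            fi
        done
    done
    return $rc
}
```

Calling `redirect_audit` with no argument reads the live tree; the lines it prints can be appended to /etc/sysctl.conf and loaded with `sysctl -p`.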