[Openswan Users] Trying to get basics down
Neal Murphy
neal.p.murphy at alum.wpi.edu
Thu May 19 12:52:42 EDT 2011
On Thursday 19 May 2011 09:33:12 Chris Ditri wrote:
> Okay... according to tcpdump, the tunnel has been established:
>
> tcpdump -n -i eth0 |grep -i esp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 09:26:34.689663 IP 10.5.5.126 > 10.5.5.134:
> ESP(spi=0x7e2eb1cb,seq=0x24), length 148
> 09:26:34.697211 IP 10.5.5.134 > 10.5.59.126:
> ESP(spi=0x0209e228,seq=0x17), length 148
> 09:26:34.697530 IP 10.5.5.126 > 10.5.5.134:
> ESP(spi=0x7e2eb1cb,seq=0x25), length 100
>
> ... but I'm still not sure why I'm getting this when I try to verify:
>
> Pluto listening for NAT-T on udp 4500 [FAILED]
Add 'nat_traversal=yes' after the 'protostack=netkey' line. That should allow
openswan to use NAT-T if/when it determines it needs to and make the failure
go away.
> Two or more interfaces found, checking IP forwarding [FAILED]
'cat /proc/sys/net/ipv4/ip_forward' just to verify that it's being set. Of
course, seeing packets routed through the system is probably solid evidence,
too. ;) Is there a possibility that openswan cannot access what it checks for
forwarding? Otherwise, can't help with this one.
More information about the Users
mailing list