RE: [Users] superfreeswan 1.98: enable NAT T

From: Ken Bantoft (ken_at_freeswan.ca)
Date: Sun Oct 27 2002 - 17:34:45 CET


On Sun, 27 Oct 2002 psnizek_at_belfin.ch wrote:

>
>
> I did this and result is
>
> Oct 27 15:42:23 carbon pluto[4998]: NAT-Traversal: ESPINUDP(1) not supported by kernel -- NAT-T disabled

Did you compile + install a new kernel?

From README.SUPERFS:

HOW TO INSTALL

1. Read all the README's. Ignore the patching instructions - I've
done all that for you.
2. Remember if you want NAT-Traversal, you need to build a new
kernel, since this patch touches the TCP/IP stack in the kernel.

You'll need to fully compile + install a new kernel. NAT Traversal relies
on patching the kernel to support ESP in UDP. It's not a kernel compile
option - once patched, the kernel supports it. The patch touches
sock.h and udp.c, so unless you have IPv4 as a module, you'll need to
build a new kernel and install it. Annoying, but until Linus et al either
accept the current patch as is, or a variant thereof, we're stuck with
this solution.

Ken

> Oct 27 15:42:23 carbon pluto[4998]: adding interface ipsec0/eth0 192.168.1.7
> Oct 27 15:42:23 carbon pluto[4998]: loading secrets from "/etc/ipsec.secrets"
> Oct 27 15:42:23 carbon ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) not supported by kernel -- NAT-T disabled
>
> It seems to be missing ESP in UDP kernel module. So I checked the kernel.
> There is no ESP in UDP I could add. This is my kernel config.
>
> <*> IP Security Protocol (FreeS/WAN IPSEC)
> --- IPSec options (FreeS/WAN)
> [*] IPSEC: IP-in-IP encapsulation (tunnel mode)
> [*] IPSEC: Authentication Header
> [*] HMAC-MD5 authentication algorithm
> [*] HMAC-SHA1 authentication algorithm
> [*] IPSEC: Encapsulating Security Payload
> [*] 3DES encryption algorithm
> [*] IPSEC Modular Extensions
> <*> HMAC_MD5 auth algorithm (modular alg)
> <*> HMAC_SHA1 auth algorithm (modular alg)
> <*> HMAC_SHA2 auth algorithm
> <*> 3DES encryption algorithm (modular alg)
> <*> AES encryption algorithm
> <*> BLOWFISH encryption algorithm
> <*> TWOFISH encryption algorithm
> <*> SERPENT encryption algorithm
> <*> CAST encryption algorithm
> <*> NULL encryption algorithm
> [*] IPSEC: IP Compression
> [*] IPSEC Debugging Option
> [*] IPSEC NAT-Traversal
>
> >
> >
> >
> > From README.NAT-Traversal
> >
> > o install new kernel, pluto, whack, _confread, _plutorun, _realsetup
> > o add 'nat_traversal=yes' to your ipsec.conf (config setup)
> >
> >
> >
> >
> > On Sun, 27 Oct 2002 psnizek_at_belfin.ch wrote:
> >
> > > Hello,
> > >
> > > When starting up SuperFS with ipsec setup start or at boot up of the box I
> > > always get this:
> > >
> > > Oct 27 09:24:29 carbon pluto[3743]: including NAT-Traversal patch (Version 0.4) [disabled]
> > >
> > > How can I enable NAT-T at startup? Exactly this I need.
> > >
> > > Thank you,
> > >
> > > Philipp
> > > _______________________________________________
> > > Users mailing list
> > > Users_at_lists.freeswan.org
> > > http://lists.freeswan.org/mailman/listinfo/users
> > >
> >
> > --
> > Ken Bantoft The Unoffical FreeS/WAN Site:
> > ken_at_freeswan.ca http://www.freeswan.ca
> > PGP Key: finger ken_at_bantoft.org
> > "We can factor the number 15 with quantum computers. We
> > can also factor the number 15 with a dog trained to bark
> > three times." -- Robert Harley, 5/12/01, Sci.crypt
> >
>

-- 
Ken Bantoft                The Unoffical FreeS/WAN Site:
ken_at_freeswan.ca            http://www.freeswan.ca
                           PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We 
can also factor the number 15 with a dog trained to bark 
three times."       -- Robert Harley, 5/12/01, Sci.crypt


This archive was generated by hypermail 2.1.5 : Mon Oct 28 2002 - 05:20:30 CET
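
The two causes discussed in this thread (nat_traversal=yes missing from "config setup", and a running kernel without the ESP-in-UDP patch) can be told apart from ipsec.conf and pluto's log. The shell script below is an added example, not part of the original messages or of Super FreeS/WAN; the function names and status strings are hypothetical, and the sample files are constructed from the log lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread or the Super FreeS/WAN sources).
# Classifies why pluto reports NAT-T as off, using only the two log
# messages quoted in this thread and the nat_traversal=yes setting.

# Succeeds if "nat_traversal=yes" appears inside the "config setup" section.
conf_has_nat_t() {
    awk '
        /^[ \t]*#/ { next }                                  # comment line
        /^[^ \t]/  { in_setup = ($1 == "config" && $2 == "setup"); next }
        in_setup   { line = $0; gsub(/[ \t"]/, "", line)
                     if (line == "nat_traversal=yes") found = 1 }
        END        { exit !found }
    ' "$1"
}

# Usage: nat_t_status LOGFILE IPSEC_CONF   (prints one status word)
nat_t_status() {
    if ! conf_has_nat_t "$2"; then
        echo "config-missing"          # add nat_traversal=yes to config setup
        return 0
    fi
    # The most recent NAT-Traversal line logged by pluto decides the state.
    last=$(grep 'pluto\[[0-9]*]: .*NAT-Traversal' "$1" | tail -n 1)
    case $last in
        *ESPINUDP*'not supported by kernel'*)
            echo "kernel-unpatched" ;;   # running kernel lacks ESP-in-UDP
        *'[disabled]'*)
            echo "disabled" ;;           # disabled, no kernel complaint logged
        '') echo "no-log-line" ;;
        *)  echo "no-failure-logged" ;;
    esac
}

# Constructed sample inputs, modelled on the lines quoted in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf 'config setup\n\tinterfaces=%%defaultroute\n\tnat_traversal=yes\n' > "$d/on.conf"
    printf 'config setup\n\tinterfaces=%%defaultroute\n' > "$d/off.conf"
    printf '%s\n' \
      'Oct 27 15:42:23 carbon pluto[4998]: NAT-Traversal: ESPINUDP(1) not supported by kernel -- NAT-T disabled' \
      'Oct 27 15:42:23 carbon pluto[4998]: adding interface ipsec0/eth0 192.168.1.7' \
      'Oct 27 15:42:23 carbon pluto[4998]: loading secrets from "/etc/ipsec.secrets"' > "$d/pluto.log"
    echo "nat_traversal=yes set: $(nat_t_status "$d/pluto.log" "$d/on.conf")"
    echo "nat_traversal not set: $(nat_t_status "$d/pluto.log" "$d/off.conf")"
    rm -rf "$d"
}
demo
```

On a real host, point nat_t_status at the syslog file that receives pluto's messages and at /etc/ipsec.conf; a "kernel-unpatched" result means the patched kernel was built but is not the one currently booted, or was never installed.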