LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 02-10-2011, 08:51 PM   #1
volga629
Member
 
Registered: Dec 2009
Posts: 67

Rep: Reputation: 21
Exclamation Open Swan IPSEC Urgent help


I compiled openswan 2.6.29 under centos 5.3 with following commands.
During installation no error has being reported.
I set all config together.
I ran patch for nat-t.
I can mark as active in make menuconfig, but when patch ran is looked for udp.c and it is fail to patch there no file by this name.
I want to know what is missing, what need to be done for udp.c to get nat-t patch working properly.
Any help welcome.
Thank you in advance.

Code:
General Config

config setup
        interfaces="ipsec0=eth1"
        klipsdebug="none"
        uniqueids=yes
        nat_traversal=yes
        protostack="klips"
        virtual_private='%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v44
:!192.168.10.64/26,%v4:!192.168.20.0/24,%v4:!192.168.19.0/24,%v4:!192.168.100.0//
24,%v4:!192.168.12.0/24'
        plutodebug="parsing emitting klips"
        overridemtu=1380
Code:
make KERNELSRC=/lib/modules/2.6.18-194.32.1.el5xen/build/ module minstall programs install
Code:
Ipsec verify
[root@hostname 2.6.18-194.32.1.el5xen-x86_64]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan 2.6.29 (klips)
Checking for IPsec support in kernel                        	[OK]
KLIPS detected, checking for NAT Traversal support          	[UNKNOWN]
Testing against enforced SElinux mode                       	[OK]
Checking that pluto is running                              	[OK]
Pluto listening for IKE on udp 500                          	[OK]
Pluto listening for NAT-T on udp 4500                       	[FAILED]
Two or more interfaces found, checking IP forwarding        	[FAILED]
Checking NAT and MASQUERADEing                              	[OK]
Checking for 'ip' command                                   	[OK]
Checking for 'iptables' command                             	[OK]
Opportunistic Encryption Support                            	[DISABLED]
Code:
 Linux Kernel v2.6.18-194.32.1.el5xen Configuration                             
 ------------------------------------------------------------------------------ 
  +-------------------------- Networking options ---------------------------+   
  |  Arrow keys navigate the menu.  <Enter> selects submenus --->.          |   
  |  Highlighted letters are hotkeys.  Pressing <Y> includes, <N> excludes, |   
  |  <M> modularizes features.  Press <Esc><Esc> to exit, <?> for Help, </> |   
  |  for Search.  Legend:[*] built-in  [ ] excluded  <M> module  < >       |   
  | +^(-)-----------------------------------------------------------------+ |   
  | |[*]     IP: PIM-SM version 2 support                                 | |   
  | |[ ]   IP: ARP daemon support (EXPERIMENTAL)                          | |   
  | |[*]   IP: TCP syncookie support (disabled per default)               | |   
  | |<M>   IP: AH transformation                                          | |   
  | |<M>   IP: ESP transformation                                         | |   
  | |<M>   IP: IPComp transformation                                      | |   
  | |[*]   IPSEC NAT-Traversal (KLIPS compatible)                         | |   
  | |<M>   IP: IPsec transport mode                                       | |   
  | |<M>   IP: IPsec tunnel mode                                          | |   
  | |<M>   INET: socket monitoring interface                              | |   
  | +v(+)-----------------------------------------------------------------+ |   
  +-------------------------------------------------------------------------+   
  |                    <Select>    < Exit >    < Help >                     |   
  +-------------------------------------------------------------------------+
 
Old 02-11-2011, 12:08 AM   #2
jcalzare
Member
 
Registered: Aug 2009
Location: Chicago
Distribution: CentOS
Posts: 114

Rep: Reputation: 34
Try using yum provides:

$> yum provides */udp.c
Repo : fedora
Matched from:
Filename : /usr/share/kcbench-data/linux-2.6.35/net/ipv6/udp.c
Filename : /usr/share/kcbench-data/linux-2.6.35/net/ipv4/udp.c



kcbench-data-2.6.35-0.1-6.fc14.noarch : Kernel sources from 2.6.35 to be used by kcbench
Repo : installed
Matched from:
Filename : /usr/share/kcbench-data/linux-2.6.35/net/ipv6/udp.c
Filename : /usr/share/kcbench-data/linux-2.6.35/net/ipv4/udp.c

Obviously this is with fedora, but you can run the same command on centos. If it returns packages as mine has, you can then install those packages via yum to get udp.c
 
Old 02-11-2011, 09:04 AM   #3
volga629
Member
 
Registered: Dec 2009
Posts: 67

Original Poster
Rep: Reputation: 21
Thank you for you answer.
Little more information.
This Xen vm with Cent OS 5.3.
I looked for this file, but no luck yet.
Submitted report, in hope that will be resolution.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
vpn-ipsec : Failed to parse config setup portion of ipsec.conf hari85 Linux - Newbie 1 07-17-2010 09:12 PM
LXer: Report: Linux: Ugly Duckling to Beautiful Swan LXer Syndicated Linux News 0 04-11-2009 08:00 AM
IPsec fails to open tunnel KaMakani Linux - Networking 0 10-13-2005 12:54 AM
How to configure Host-to-Host IPSec (Free SWAN) gpagedar Linux - Security 2 10-18-2003 06:22 AM
VPN (Free/Swan) abbah Linux - Security 1 05-28-2001 10:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration