Re: Multiple internet providers

To: netbsd-users%netbsd.org@localhost
Subject: Re: Multiple internet providers
From: Dima Veselov <kab00m%lich.phys.spbu.ru@localhost>
Date: Fri, 7 Oct 2011 10:17:06 +0400

Hi!

I have NetBSD 5.1 up-to-date router having few IPSEC connection 
configured. Now I need to add some new connection with some peer 
behind a NAT. I added 'options IPSEC_NAT_T' to the kernel.

But anyway racoon starting says:

Oct  7 02:11:18 loki racoon: INFO: 46.231.212.14[4500] used as isakmp port 
(fd=8) 
Oct  7 02:11:18 loki racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP): UDP_ENCAP 
Invalid argument 
Oct  7 02:11:18 loki racoon: INFO: 46.231.212.14[500] used as isakmp port 
(fd=9) 
Oct  7 02:11:18 loki racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): 
UDP_ENCAP Invalid argument 
Oct  7 02:11:18 loki racoon: WARNING: NAT-T is enabled in at least one remote{} 
section, 
Oct  7 02:11:18 loki racoon: WARNING: but no 'isakmp_natt' address was 
specified! 

isakmp_natt address is specified in racoon.conf, IPSEC_NAT_T in working kernel. 
What can be a problem? Source tree is netbsd-5 up-to-date.

Not tried with FAST_IPSEC - can it be important?

-- 
Sincerelly yours

Prev by Date: Re: sort weirdness
Next by Date: Re: brute force/dictionary attacks
Previous by Thread: Re: Multiple internet providers
Next by Thread: Documentation 'flaws' - who to contact?
Indexes:

Home | Main Index | Thread Index | Old Index