[plug] linux ipsec in 2.6

Adrian Woodley Adrian at Diskworld.com.au
Tue Jun 29 11:44:18 WST 2004


Simon Scott wrote:
> Hi all
> 
> As a last resort, I'm posting to plug. I've been trying to figure this out, but 
> I can't find any info on it!
> 
> I'm using the inbuilt ipsec capabilities in kernel 2.6 + setkey in tunnel mode. 
> After stuffing with it for days, I finally found information that due to the 
> SNAT at both ends, end ain't gonna work without 'nat traversal'.
 
I've also been playing with this for the last week. My understanding is that you can't do any NAT on the IPSec packets as this will change their hash, making the packet look as though it's been modified in transit (which it has). There is a howto on VPN-Masquerading - http://www.linux.org.au/LDP/HOWTO/VPN-Masquerade-HOWTO.html.

> That's where the trail stops. Supposedly it encapsulates the packets into UDP 
> packets to allow SNAT, but I can't find anything further on how to enable 
> this.
> 
> Has anyone successfully set this up? Is there any reason to use FreeS/WAN when 
> 2.6 now has inbuilt ipsec?

The inbuilt ipsec will need Openswan (FreeS/WAN's replacement) to set up (AFAIK). This is the easiest way I've found to run IPSec.

Regards,
Adrian

> Thanks
> _______________________________________________
> PLUG discussion list: plug at plug.linux.org.au
> http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au

