Project

General

Profile

Issue #1547

Deprecated keyword 'plutostart' and 'nat_traversal' in config setup

Added by Bianca Lana over 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
configuration
Affected version:
Resolution:

Description

Configuring first time strongSwan for my Elementary OS, I used the instructions on hide.me's website. After following all the steps when I try to restart strongSwan, it doesn't start but shows:

# deprecated keyword 'plutostart' in config setup
# deprecated keyword 'nat_traversal' in config setup
### 2 parsing errors (0 fatal) ###

My ipsec.conf is configured as:

config setup
        plutostart=no
        strictcrlpolicy=no
        nat_traversal=yes

conn hide
        keyexchange=ikev2
        dpdaction=clear
        dpddelay=300s
        eap_identity="_myusername_" 
        leftauth=eap-mschapv2
        left=%defaultroute
        leftsourceip=%config
        right=_myserver_
        rightauth=pubkey
        rightsubnet=0.0.0.0/0
        rightid=%any
        type=tunnel
    auto=add

History

#2 Updated by Andreas Steffen over 5 years ago

  • Status changed from New to Feedback
  • Assignee set to Andreas Steffen

strongSwan 5.x does not use the old IKEv1 pluto daemon anymore since the IKEv1 protocol is now handled by the charon daemon itself. NAT traversal is enabled by default and cannot be disabled. Thus just remove the plutostart and nat_traversal options from your ipsec.conf file.

#3 Updated by Bianca Lana over 5 years ago

Andreas Steffen wrote:

strongSwan 5.x does not use the old IKEv1 pluto daemon anymore since the IKEv1 protocol is now handled by the charon daemon itself. NAT traversal is enabled by default and cannot be disabled. Thus just remove the plutostart and nat_traversal options from your ipsec.conf file.

Thanks, errors just disappeared. However, I'm checking my IP to see if my VPN worked and it seems it didn't change anything. I also lowered the MTU and pinged hide.me's servers, it pings but it doesn't work anyway. How can I test what is wrong, if I can have ideas I'll really appreciate. Thank you.

#4 Updated by Noel Kuntze over 4 years ago

  • Status changed from Feedback to Closed
  • Assignee deleted (Andreas Steffen)
  • Priority changed from High to Normal
  • Affected version deleted (4.6.4)

The problem can have many causes. ForwardingAndSplitTunneling mentions the ones that are mostly the problem.

Also available in: Atom PDF