[Openswan dev] openswan 2.1.0rc1 rpms

Sam Sgro sam at spidersilk.net
Tue Mar 9 18:06:13 CET 2004

On Tuesday 09 March 2004 17:24, Axel Thimm wrote:
> So NAT-T will work only with 2.6 (and 2.4 with backported 2.6 ipsec
> code like RHEL)? Is there no ESPINUDP patch for 2.4?

I think I meant that response as a reply to an earlier message. There is 
certainly an ESPinUDP patch for 2.4; I'm using openswan 1.0.2 from CVS with 
2.4.25, and it works perfectly. 

Looking at the message I actually replied to :) I can say this: on my 2.4.25 
kernel, I have CONFIG_IPSEC_NAT_TRAVERSAL=y set, which your earlier post 
didn't include, nor is it present in any of the stock configs in /configs as 
I look through the kernel source RPM for 2.4.22-1.2174.nptl_39.rhfc1.at. This 
is required for NAT-T support in the kernel. 

As a still bigger problem: the kernel source RPM doesn't include the 
modification to ipv4/udp.c which would allow ESPinUDP. (You can see the patch 
in the openswan 2.1.0rc1 tree in nat-t/net/ipv4) I don't know if that was a 
potential problem with the 2.1.0rc1 installer, but I expect that's why you're 
missing ESPinUDP support.

Sam Sgro
sam at spidersilk.net
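
An added example, not part of the original message or of openswan: a shell check for the `CONFIG_IPSEC_NAT_TRAVERSAL` setting the message describes, run over every config file in a directory. It assumes the files are named `*.config` and that the option is a yes/no setting; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit kernel config files for the NAT-T option named above.
OPT=CONFIG_IPSEC_NAT_TRAVERSAL

# natt_state FILE -> prints enabled | disabled | absent | unreadable
natt_state() {
    [ -r "$1" ] || { echo unreadable; return; }
    if grep -q "^${OPT}=y\$" "$1"; then
        echo enabled
    elif grep -q "^# ${OPT} is not set\$" "$1"; then
        echo disabled      # option known to this tree but switched off
    else
        echo absent        # option never offered: NAT-T patch not applied
    fi
}

# natt_audit DIR -> one "state<TAB>file" line per config.
# Returns 0 only if every config enables the option, 2 if none were found.
natt_audit() {
    rc=0
    for f in "$1"/*.config; do
        [ -e "$f" ] || { echo "no *.config files in $1" >&2; return 2; }
        s=$(natt_state "$f")
        printf '%s\t%s\n' "$s" "$f"
        [ "$s" = enabled ] || rc=1
    done
    return $rc
}

# Constructed sample configs (not taken from any real kernel package).
make_samples() {
    d=$(mktemp -d)
    printf 'CONFIG_INET=y\n%s=y\n' "$OPT" > "$d/patched.config"
    printf 'CONFIG_INET=y\n# %s is not set\n' "$OPT" > "$d/off.config"
    printf 'CONFIG_INET=y\n' > "$d/stock.config"
    echo "$d"
}

# Stand-alone use: sh natt_check.sh /path/to/configs
if [ "$#" -gt 0 ]; then
    natt_audit "$1"
fi
```

An `absent` result means the option does not appear in the file at all, while `disabled` means the source tree offers the option but the config turns it off.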
