[Openswan dev] openswan 2.1.0rc1 rpms
Sam Sgro
sam at spidersilk.net
Tue Mar 9 18:06:13 CET 2004
On Tuesday 09 March 2004 17:24, Axel Thimm wrote:
> So NAT-T will work only with 2.6 (and 2.4 with backported 2.6 ipsec
> code like RHEL)? Is there no ESPINUDP patch for 2.4?
I think I meant that response as a reply to an earlier message. There is
certainly an ESPinUDP patch for 2.4; I'm using openswan 1.0.2 from CVS with
2.4.25, and it works perfectly.
Looking at the message I actually replied to :) I can say this: on my 2.4.25
kernel, I have CONFIG_IPSEC_NAT_TRAVERSAL=y set, which your earlier post
didn't include, nor is it present in any of the stock configs in /configs as
I look through the kernel source RPM for 2.4.22-1.2174.nptl_39.rhfc1.at. This
is required for NAT-T support in the kernel.
As a still bigger problem: the kernel source RPM doesn't include the
modification to ipv4/udp.c which would allow ESPinUDP. (You can see the patch
in the openswan 2.1.0rc1 tree in nat-t/net/ipv4) I don't know if that was a
potential problem with the 2.1.0rc1 installer, but I expect that's why you're
missing ESPinUDP support.
--
Sam Sgro
sam at spidersilk.net
More information about the Dev
mailing list