On Tue, Mar 09, 2004 at 07:10:59PM -0500, Michael Richardson wrote:
> >>>>> "Axel" == Axel Thimm <Axel.Thimm at ATrpms.net> writes:
>     >> Fedora Core 1 does not natively provide the UDP encapsulation
>     >> needed for NAT Traversal. I think Paul was referring to the
>     >> upcoming FC2, which will have a 2.6 kernel.
>     Axel> So NAT-T will work only with 2.6 (and 2.4 with backported 2.6
>     Axel> ipsec code like RHEL)? Is there no ESPINUDP patch for 2.4?
>   No, that's correct.
>   NAT-T will work with any kernel that has been patched.
>   That would include:
>        1) all 2.6 kernels.		(maybe not 2.6.0?)
>        2) 2.4 with back-ported 26sec
>        3) any kernel source tree that has had:
>        ( cd openswan-X.Y.Z && make nattpatch ) | (cd /usr/src/linux && patch -p1)
>        done to it prior to a *complete* build.

OK, I had (mistakenly) assumed this patch was already in the

>   A *MODULE* build of *KLIPS* won't get you NAT-T, since you have to
> rebuild all of IPv4. There is no way to patch it into a distro kernel
> after the fact. At one point, we discussed doing an iptables based NAT-T
> module, which would be loadable. 
>   {If there is *significant* interest in doing this let me know}

There is interest in getting older RH flavours (from FC1 down to
RH7.3) running with NAT-T. For ATrpms it is probably easier to have
the kernels patched. If people from other distributions are interested
in supporting NAT-T in 2.4, and don't want to rebuild kernels (because
they would have to rebuild vendor kernel modules), such a module could
be useful, but I don't really think the demand is that high. Better
invest the time on other areas. :)

I'll try to get patched kernels by the next weekend.
