[Openswan dev] Openswan 2.4.0rc4 instability with L2TP
Paul Wouters
paul at xelerance.com
Fri Aug 26 18:33:56 CEST 2005
On Fri, 26 Aug 2005, Dmitriy wrote:
> I test on two kernel 2.6.12.5 versions with NAT-T openswan patch and
> without.
> results:
> on NAT-T patched kernel
> openswan without nat - NOT WORK
> openswan with nat - NOT WORK
> strongswan without nat - WORK
> strongswan with nat - NOT WOK
>
> on kernel without NAT-T patch
> openswan without nat - NOT WORK
> openswan with nat - WORK
> strongswan without nat - WORK
> strongswan with nat - WORK
We are currently adding l2tp in our testcases. I believe the problem has
to do with fragmentation. Various bugs in bugs.openswan.org seem to be
related to each other. Transport mode, Nat-t and packet sizes.
> i don't understand WHY YOU PROVIDE NAT-T PATCH FOR 2.6 KERNELS?
The NAT-T patch is for KLIPS, not NETKEY. If you want to run KLIPS on a
2.4 or 2.6 kernel and support NAT-T, you need the patch. If you want to
use NETKEY with NAT-T, no NAT-T patch is needed.
Paul
More information about the Dev
mailing list