[Openswan Users] NAT-T in native stack??

Lewis Shobbrook lshobbrook at fasttrack.net.au
Fri Apr 2 10:31:40 CEST 2004

Thanks for all the help here,
> > > Perhaps Rene wants to enable this per default.
> > Might be an option, but I used to set it off by default because it 
> > broke
> > stuff in earlier freeswan releases (where I applied the 
> NAT-T patch). Is 
> > it "safe" now, i.e. is _everything_ expected to work with 
> NAT-T being on 
> > that work when it is disabled ?
> AFAIK, yes. Just make sure you have:
> in Makefile.inc. Note the _MODE part, which was missing in 
> previous versions, and might still be missing in 2.1.1. (It 
> is fixed in cvs) This is neccessary for WinXP/2K
> For the native stack, also apply the fix from Nate that 
> changed a test -d to a test -f for /proc/modules in _startklips.

I've done this...

> Paul

I think the major issue was placing nat_traversal=yes in the conn
section rather than the config.

I expected that this would be a conn setting as it is only needed for
specific connections.

Strange that I didn't get any errors when restarting ipsec when I did

Thanks again to all,


More information about the Users mailing list