[Openswan Users] NAT-T in native stack??
Lewis Shobbrook
lshobbrook at fasttrack.net.au
Fri Apr 2 10:31:40 CEST 2004
Thanks for all the help here,
> > > Perhaps Rene wants to enable this per default.
> > Might be an option, but I used to set it off by default because it
> > broke
> > stuff in earlier freeswan releases (where I applied the
> NAT-T patch). Is
> > it "safe" now, i.e. is _everything_ expected to work with
> NAT-T being on
> > that work when it is disabled ?
>
> AFAIK, yes. Just make sure you have:
>
> USE_NAT_TRAVERSAL_TRANSPORT_MODE?=true
>
> in Makefile.inc. Note the _MODE part, which was missing in
> previous versions, and might still be missing in 2.1.1. (It
> is fixed in cvs) This is neccessary for WinXP/2K
>
> For the native stack, also apply the fix from Nate that
> changed a test -d to a test -f for /proc/modules in _startklips.
I've done this...
> Paul
I think the major issue was placing nat_traversal=yes in the conn
section rather than the config.
I expected that this would be a conn setting as it is only needed for
specific connections.
Strange that I didn't get any errors when restarting ipsec when I did
this.
Thanks again to all,
Lewis
More information about the Users
mailing list