[Openswan Users] Re: NAT-T on debian
Rene Mayrhofer
rene.mayrhofer at gibraltar.at
Fri Apr 23 11:38:49 CEST 2004
Lewis wrote:
> I've been attempting without success (like a few other list users)
> to get a working ipsec with NAT-T support. I was under the
> impression that NAT-T was supported in the Debian >= 2.6.4 kernels
> via the native ipsec stack; no patch need be applied to it?
Yes, this is true.
> The directions for the openswan-2.1.2rc3 install, suggest install
> right over the top for 2.6 kernels. My experience has indicated
> that for Debian systems it is a little more complex. The default
> install to /usr/local/... leaves the old version in place at /usr/lib
> which still runs. I have been told there are some development
> issues with pluto currently in openswan, where pluto immediately
> segmentation faults on start, for which I have not been able to
> negotiate a solution. I've noted that patching the 2.4.26
> debianised kernel with the openswan generated NAT-T patch fails 1 of
> 3 hunks.
openswan hit Debian unstable today (it took a while to get through), so
compiling it yourself should no longer be necessary. Just install the
binary package.
> The big Question... Are there currently any known NAT-T functional
> ..swan versions running on debian unstable? I'm willing to put the
> hard yards in (again), happy to use 2.4 kernels...just keep hitting
> dead ends... Rene, I read in the dev archives that something might be
> around the corner for an openswan deb package?
There has been reported success with NAT-T with Debian kernels and a
preliminary openswan package, but I have to admit that I haven't tried
this myself (still using freeswan with hand-made kernels on my
production firewalls). Please let me know if you run into problems.
best regards,
Rene