[Openswan Users] NAT-T on debian
lds at optusnet.com.au
Wed Apr 21 23:51:17 CEST 2004
I've been attempting without success (like a few other list users) to get a
working ipsec with NAT-T support. I was under the impression that NAT-T was
supported in the Debian >= 2.6.4 kernels via the native ipsec stack; no patch
need be applied it?
The directions for the openswan-2.1.2rc3 install, suggest install right over
the top for 2.6 kernels. My experience has indicated that for Debian
systems it is a little more complex. The default install to /usr/local/...
leaves the old version in place at /usr/lib which still runs. I have been
told there are some development issues with pluto currently in openswan,
where pluto immediately segmentation faults on start, for which I have not
been able to negotiate a solution for.
I've noted that patching the 2.4.26 debianised kernel with the openswan
generated NAT-T patch fails 1 of 3 hunks.
I've also noticed that the freeswan.ca site is no longer resolving, perhaps a
regional thing to au locale? Hoping to try out superfreeswan kernel patches
The big Question...
Are there currently any known NAT-T functional ..swan versions running on
debian unstable? I'm willing to put the hard yards in (again), happy to use
2.4 kernels...just keep hitting dead ends...
Rene, I read in the dev archives that something might be around the corner for
an openswan deb package?
More information about the Users