[Openswan Users] NAT-T on debian

Lewis lds at optusnet.com.au
Wed Apr 21 23:51:17 CEST 2004

Hi all,
I've been attempting  without success (like a few other list users) to get a 
working ipsec with NAT-T support.  I was under the impression that NAT-T was 
supported in the Debian >= 2.6.4 kernels via the native ipsec stack; no patch 
need be applied it?  
The directions for the openswan-2.1.2rc3  install, suggest install right over 
the top for 2.6 kernels.   My experience has indicated that for Debian 
systems it is a little more complex.  The default install to /usr/local/...  
leaves the old version in place at /usr/lib which still runs.   I have been 
told there are some development issues with pluto currently in openswan, 
where pluto immediately segmentation faults on start, for which I have not 
been able to negotiate a solution for. 
I've noted that patching the 2.4.26 debianised kernel with the openswan 
generated NAT-T patch fails 1 of 3 hunks.  
 I've also noticed that the freeswan.ca site is no longer resolving, perhaps a 
regional thing  to au locale?  Hoping to try out superfreeswan kernel patches

The big Question...
Are there currently any known NAT-T functional ..swan versions running on 
debian unstable?  I'm willing to put the hard yards in (again), happy to use 
2.4  kernels...just keep hitting dead ends...
Rene, I read in the dev archives that something might be around the corner for 
an openswan deb package?


Lewis Shobbrook

More information about the Users mailing list