[Openswan Users] Openswan/L2TP Windows Roadwarrier setup

Axel Thimm Axel.Thimm at ATrpms.net
Sun Aug 1 12:39:57 CEST 2004


On Sun, Aug 01, 2004 at 09:55:53AM +0200, Jacco de Leeuw wrote:
> - I'm not sure if the FC1 kernel RPMS from atrpms.net support NAT-T in
>   Transport Mode.

The fc1 kernels have both the natt and openswan patches already
applied (see part of kernel specfile below, the CONFIG_* settings are
the ones recommended by the openswan team, e.g. not using
CONFIG_IPSEC_IPCOMP).

The patches are from 2.1.2rc4, but there are also 2.1.4 kernel module
upgrade rpms available (not for natt).

Would there be any reason for 2.1.2rc2 natt patch to not work with
2.1.4 openswan kernel modules and userland tools?

> # 1000070+ openswan
> Patch1000070: http://www.openswan.org/code/openswan-2.1.2rc4.natt.patch.gz
> Patch1000071: http://www.openswan.org/code/openswan-2.1.2rc4.kern.patch.gz
> [...]
> # openswan
> %patch1000070 -p1
> %patch1000071 -p1
> [...]
> # openswan
> for file in configs/*.config; do
>   if echo $file | grep -v BOOT > /dev/null; then
>     cat >> $file << EOF
> CONFIG_IPSEC=m
> CONFIG_IPSEC_IPIP=y
> CONFIG_IPSEC_AH=y
> CONFIG_IPSEC_AUTH_HMAC_MD5=y
> CONFIG_IPSEC_AUTH_HMAC_SHA1=y
> CONFIG_IPSEC_ESP=y
> CONFIG_IPSEC_ENC_3DES=y
> # CONFIG_IPSEC_IPCOMP is not set
> CONFIG_IPSEC_DEBUG=y
> # CONFIG_IPSEC_REGRESS is not set
> CONFIG_IPSEC_NAT_TRAVERSAL=y
> EOF
>   else
>     cat >> $file << EOF
> # CONFIG_IPSEC is not set
> # CONFIG_IPSEC_NAT_TRAVERSAL is not set
> EOF
>   fi
> done
-- 
Axel.Thimm at ATrpms.net
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040801/76106806/attachment.bin


More information about the Users mailing list