[Openswan Users] NAT-T and netfilter
Herbert Xu
herbert at gondor.apana.org.au
Mon Aug 16 13:46:18 CEST 2004
Clive A Stubbings <openswan at vjet.demon.co.uk> wrote:
>
> In openswan on 2.6 kernel the local NAT operations don't seem to work. It
> looks like the encapsulated data does not get stuffed back into the
> stack in the right place - or the kernel thinks its already been through
> the netfilter tables...
Known problem.
NAT + IPsec is currently broken in 2.6. You choices are:
1) Test the NAT + IPsec patch available at www.netfilter.org.
2) Use KLIPS.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Users
mailing list