[Openswan Users] NAT-T and netfilter
Alexander Samad
alex at samad.com.au
Mon Aug 16 14:12:33 CEST 2004
On Mon, Aug 16, 2004 at 12:46:18PM +1000, Herbert Xu wrote:
> Clive A Stubbings <openswan at vjet.demon.co.uk> wrote:
> >
> > In openswan on 2.6 kernel the local NAT operations don't seem to work. It
> > looks like the encapsulated data does not get stuffed back into the
> > stack in the right place - or the kernel thinks its already been through
> > the netfilter tables...
>
> Known problem.
>
> NAT + IPsec is currently broken in 2.6. You choices are:
>
> 1) Test the NAT + IPsec patch available at www.netfilter.org.
try pom-ng (netfilter), been using it for a while, though you will have to build
your own kernel.
A
> 2) Use KLIPS.
>
> Cheers,
> --
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
> _______________________________________________
> Users mailing list
> Users at lists.openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20040816/c0bd44f8/attachment-0001.bin
More information about the Users
mailing list